Changeset 3315005

Timestamp:

06/20/2025 06:03:21 AM (8 months ago)

Author:

Daisycon

Message:

Daisycon woocommerce v3.0.1

• Fixed security check in product and uninstall pages

Location:

daisycon-woocommerce-pixel/trunk

Files:

• README.txt (modified) (2 diffs)
• admin/class-daisycon-woocommerce-admin.php (modified) (6 diffs)
• admin/partials/daisycon-woocommerce-admin-deactivate.php (modified) (1 diff)
• daisycon-woocommerce.php (modified) (2 diffs)
• includes/class-daisycon-woocommerce-activator.php (modified) (1 diff)
• includes/class-daisycon-woocommerce.php (modified) (2 diffs)
• services/class-daisycon-campaign-service.php (modified) (1 diff)
• services/class-daisycon-common-service.php (deleted)

daisycon-woocommerce-pixel/trunk/README.txt

@@ -3 +3 @@
 Donate link: https://www.daisycon.com
 Tags: Daisycon, Daisycon WooCommerce Pixel, WooCommerce, Pixel, Conversion Pixel
-Version:           3.0.0
+Version:           3.0.1
 Author:            Daisycon
 Author URI:        https://www.daisycon.com
@@ -72 +72 @@
 == Changelog ==
 
+= 3.0.1 =
+* Fixed security check in product and uninstall pages
+
 = 3.0.0 =
-* Ran entire plugin through the wordpress plugin-check
-* Added support for storage of gclid and dci 
+* Ran entire plugin through the Wordpress plugin-check
+* Added support for storage of gclid and dci
 
 = 2.3.0 =

daisycon-woocommerce-pixel/trunk/admin/class-daisycon-woocommerce-admin.php

@@ -101 +101 @@
     public function daisycon_add_custom_cc_option()
     {
+        $nonce = wp_create_nonce('dc_save_custom_cc_nonce');
+
         echo '<div class="options_group">';
-            woocommerce_wp_text_input([
-                'id'          => '_daisycon_cc',
-                'label'       => 'Daisycon Pixel Commission Code',
-                'desc_tip'    => 'true',
-                'description' => 'Enter the Daisycon Pixel Commission Code here.',
-            ]);
+        woocommerce_wp_text_input([
+            'id'    => 'dc_save_custom_cc_nonce',
+            'type'  => 'hidden',
+            'value' => $nonce,
+        ]);
+        woocommerce_wp_text_input([
+            'id'          => '_daisycon_cc',
+            'label'       => 'Daisycon Pixel Commission Code',
+            'desc_tip'    => 'true',
+            'description' => 'Enter the Daisycon Pixel Commission Code here.',
+        ]);
         echo '</div>';
     }
@@ -120 +127 @@
     public function daisycon_save_custom_cc_option($product_id)
     {
-        $nonce = true === isset($_POST['dc_submit_media_nonce'])
-            ? sanitize_text_field(wp_unslash($_POST['dc_submit_media_nonce']))
+        $nonce = true === isset($_POST['dc_save_custom_cc_nonce'])
+            ? sanitize_text_field(wp_unslash($_POST['dc_save_custom_cc_nonce']))
             : null;
 
-        if (false === wp_verify_nonce($nonce, 'dc_submit_media_action')) {
-            wp_die('Security check failed');
+        if (false === wp_verify_nonce($nonce, 'dc_save_custom_cc_nonce')) {
+            wp_die('Security check failed (1)');
         }
 
@@ -144 +151 @@
     public function daisycon_cc_quick_edit()
     {
+        $nonce = wp_create_nonce('dc_save_custom_cc_nonce');
         echo sprintf(
             '<div class="inline-edit-group daisycon_cc_quick_edit">
@@ -149 +157 @@
                         <span class="title">%s</span>
                         <span class="input-text-wrap">
+                            <input type="hidden" name="dc_save_custom_cc_nonce" value="' . esc_attr($nonce) . '"/>
                             <input type="text" name="daisycon_cc" class="text daisycon_cc_quick_edit_input" value="test" />
                         </span>
@@ -162 +171 @@
     public function daisycon_cc_quick_edit_save()
     {
-        $nonce = true === isset($_POST['dc_submit_media_nonce'])
-            ? sanitize_text_field(wp_unslash($_POST['dc_submit_media_nonce']))
+        $nonce = true === isset($_POST['dc_save_custom_cc_nonce'])
+            ? sanitize_text_field(wp_unslash($_POST['dc_save_custom_cc_nonce']))
             : null;
 
-        if (false === wp_verify_nonce($nonce, 'dc_submit_media_action')) {
-            wp_die('Security check failed');
+        if (false === wp_verify_nonce($nonce, 'dc_save_custom_cc_nonce')) {
+            wp_die('Security check failed (2)');
         }
 
@@ -187 +196 @@
     {
         if ($column == 'name') {
-            echo '<div class="hidden daisycon_cc_inline"'
-                . ' id="daisycon_cc_inline_' . esc_attr($post_id) .'"'
-                . '>'
+            echo '<div class="hidden daisycon_cc_inline" id="daisycon_cc_inline_' . esc_attr($post_id) .'"' . '>'
                 . esc_html(get_post_meta($post_id, '_daisycon_cc', true))
                 . '</div>';

daisycon-woocommerce-pixel/trunk/admin/partials/daisycon-woocommerce-admin-deactivate.php

@@ -8 +8 @@
     $pluginPageUrl = $pluginPage. '?action=deactivate&plugin=' . urlencode( $pluginSlug ).'&option=1';
     $nonceUrl = wp_nonce_url( $pluginPageUrl, 'deactivate-plugin_' . $pluginSlug );
+    $nonce = wp_create_nonce('dc_deactivate_nonce');
 ?>
 <form method="POST" action="<?php echo esc_url( $nonceUrl ); ?>">
+    <input type="hidden" name="dc_deactivate_nonce" value="<?php echo esc_attr($nonce); ?>"/>
     <div class="dc-core-container__notice dc-core-container__notice--info">
         <p>We're sorry to see you go! Please let us know why you're removing our affiliate marketing plugin so we can manage your settings accordingly. Choose an option below:</p>

daisycon-woocommerce-pixel/trunk/daisycon-woocommerce.php

@@ -13 +13 @@
  * Description:       This plugin will automatically add the Daisycon Pixel to the WooCommerce success page
  *
- * Version:           3.0.0
+ * Version:           3.0.1
  * Author:            Daisycon
  * Author URI:        https://www.daisycon.com
@@ -53 +53 @@
  * Currently plugin version.
  */
-const DAISYCON_PLUGIN_VERSION = '3.0.0';
+const DAISYCON_PLUGIN_VERSION = '3.0.1';
 
 /**

daisycon-woocommerce-pixel/trunk/includes/class-daisycon-woocommerce-activator.php

@@ -171 +171 @@
     {
         if (true === isset($_SERVER['REQUEST_METHOD']) &&  $_SERVER['REQUEST_METHOD'] === 'POST') {
-            if (false === isset($_POST['dc_submit_media_nonce'])) {
-                wp_die('Security check failed');
+            if (false === isset($_POST['dc_deactivate_nonce'])) {
+                wp_die('Security check failed (3)');
             }
 
-            $nonce = sanitize_text_field(wp_unslash($_POST['dc_submit_media_nonce']));
+            $nonce = sanitize_text_field(wp_unslash($_POST['dc_deactivate_nonce']));
 
-            if (false === wp_verify_nonce($nonce, 'dc_submit_media_action')) {
-                wp_die('Security check failed');
+            if (false === wp_verify_nonce($nonce, 'dc_deactivate_nonce')) {
+                wp_die('Security check failed (4)');
             }
         }

daisycon-woocommerce-pixel/trunk/includes/class-daisycon-woocommerce.php

@@ -72 +72 @@
         $this->version = true === defined('DAISYCON_PLUGIN_VERSION')
             ? DAISYCON_PLUGIN_VERSION
-            : '3.0.0';
+            : '3.0.1';
 
         $this->plugin_name = 'daisycon-woocommerce';
@@ -165 +165 @@
         $this->loader->add_action('wp_ajax_load_matching_domains', $campaignService, 'loadMatchingDomains');
 
-        $commonService = new Daisycon_Common_Service();
-        $this->loader->add_action('wp_ajax_daisycon_get_setting_value', $commonService, 'getSettingsValue');
-
         $integrationService = new Daisycon_Integration_Service();
         $this->loader->add_action('wp_ajax_deactivate_store', $integrationService, 'deactivateStore');

daisycon-woocommerce-pixel/trunk/services/class-daisycon-campaign-service.php

@@ -66 +66 @@
 
         if (false === wp_verify_nonce($nonce, 'load_matching_domains_nonce')) {
-            wp_die('Security check failed');
+            wp_die('Security check failed (5)');
         }