Changeset 3384756

Timestamp:

10/26/2025 02:32:14 PM (7 weeks ago)

Author:

seedprod

Message:

Staging 6.19.4

Location:

coming-soon/trunk/admin

Files:

• includes/review-functions.php (modified) (4 diffs)
• js/review-notice.js (added)

coming-soon/trunk/admin/includes/review-functions.php

@@ -21 +21 @@
  */
 function seedprod_lite_v2_init_review_request() {
+    // Temporarily disabled - will be converted to trigger-based system
+    return;
+
     // Only show for Lite builds
     if ( 'lite' !== SEEDPROD_BUILD ) {
@@ -26 +29 @@
     }
 
+    // Enqueue review notice JavaScript
+    add_action( 'admin_enqueue_scripts', 'seedprod_lite_v2_enqueue_review_scripts' );
+
     // Admin notice requesting review
     add_action( 'admin_notices', 'seedprod_lite_v2_review_request' );
@@ -33 +39 @@
 }
 add_action( 'admin_init', 'seedprod_lite_v2_init_review_request' );
+
+/**
+ * Enqueue review notice JavaScript
+ *
+ * Only loads on pages where review notice might display.
+ *
+ * @since 7.0.0
+ */
+function seedprod_lite_v2_enqueue_review_scripts() {
+    // Only enqueue for super admins (same check as review display)
+    if ( ! is_super_admin() ) {
+        return;
+    }
+
+    // Don't load on SeedProd pages (review notice doesn't show there)
+    $screen = get_current_screen();
+    if ( $screen && strpos( $screen->id, 'seedprod' ) !== false ) {
+        return;
+    }
+
+    // Enqueue the review notice handler
+    wp_enqueue_script(
+        'seedprod-review-notice',
+        plugin_dir_url( dirname( __FILE__ ) ) . 'js/review-notice.js',
+        array( 'jquery' ),
+        SEEDPROD_VERSION,
+        true
+    );
+
+    // Localize script with nonce for AJAX security
+    wp_localize_script(
+        'seedprod-review-notice',
+        'seedprodReviewNotice',
+        array(
+            'nonce' => wp_create_nonce( 'seedprod_review_dismiss' ),
+        )
+    );
+}
 
 /**
@@ -180 +224 @@
  */
 function seedprod_lite_v2_review_dismiss() {
-    // Security check
+    // Verify nonce for security
+    check_ajax_referer( 'seedprod_review_dismiss', 'nonce' );
+
+    // Security check - verify user capability
     if ( ! current_user_can( 'manage_options' ) ) {
         wp_die();
     }
 
-    // Check if this is a permanent dismissal
-    $permanent = isset( $_POST['permanent'] ) && $_POST['permanent'] === 'true';
+    // Check if this is a permanent dismissal (sanitize input)
+    $permanent = isset( $_POST['permanent'] ) && sanitize_text_field( wp_unslash( $_POST['permanent'] ) ) === 'true';
 
     if ( $permanent ) {