wpnonce token added

live-composer · Mar 9, 2024 · 5ac7c06 · 5ac7c06
1 parent 3f235b5
commit 5ac7c06
Show file tree

Hide file tree

Showing 9 changed files with 31 additions and 20 deletions.
diff --git a/includes/ajax.php b/includes/ajax.php
@@ -31,7 +31,7 @@
 function dslc_ajax_add_modules_section( $atts ) {
 
 	// Allowed to do this?
-	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY ) ) {
+	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY ) && wp_verify_nonce($_REQUEST['_wpnonce'], 'dslc-ajax-wpnonce' )) {
 
 		// The array we'll pass back to the AJAX call.
 		$response = array();
@@ -75,7 +75,7 @@ function dslc_ajax_add_modules_section( $atts ) {
 function dslc_ajax_add_module( $atts ) {
 
 	// Allowed to do this?
-	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY ) ) {
+	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY ) && wp_verify_nonce($_REQUEST['_wpnonce'], 'dslc-ajax-wpnonce' ) ) {
 
 		// The array we'll pass back to the AJAX call.
 		$response = array();
@@ -215,7 +215,7 @@ function dslc_ajax_add_module( $atts ) {
 function dslc_ajax_display_module_options( $atts ) {
 
 	// Allowed to do this?
-	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY ) ) {
+	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY ) && wp_verify_nonce($_REQUEST['_wpnonce'], 'dslc-ajax-wpnonce' ) ) {
 
 		// The array we'll pass back to the AJAX call.
 		$response = array();
@@ -292,7 +292,7 @@ function dslc_ajax_display_module_options( $atts ) {
 function dslc_ajax_save_composer( $atts ) {
 
 	// Allowed to do this?
-	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY_SAVE ) ) {
+	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY_SAVE ) && wp_verify_nonce($_REQUEST['_wpnonce'], 'dslc-ajax-wpnonce' ) ) {
 
 		// The array we'll pass back to the AJAX call.
 		$response = array();
@@ -381,7 +381,7 @@ function dslc_ajax_save_composer( $atts ) {
 function dslc_ajax_save_draft_composer( $atts ) {
 
 	// Allowed to do this?
-	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY_SAVE ) ) {
+	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY_SAVE ) && wp_verify_nonce($_REQUEST['_wpnonce'], 'dslc-ajax-wpnonce' )) {
 
 		// The array we'll pass back to the AJAX call.
 		$response = array();
@@ -425,7 +425,7 @@ function dslc_ajax_save_draft_composer( $atts ) {
 function dslc_ajax_load_template( $atts ) {
 
 	// Allowed to do this?
-	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY ) ) {
+	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY ) && wp_verify_nonce($_REQUEST['_wpnonce'], 'dslc-ajax-wpnonce' )) {
 
 		// The array that holds active templates.
 		$templates = dslc_get_templates();
@@ -464,7 +464,7 @@ function dslc_ajax_load_template( $atts ) {
 function dslc_ajax_import_template( $atts ) {
 
 	// Allowed to do this?
-	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY ) ) {
+	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY ) && wp_verify_nonce($_REQUEST['_wpnonce'], 'dslc-ajax-wpnonce' )) {
 
 		// The array we'll pass back to the AJAX call.
 		$response = array();
@@ -501,7 +501,7 @@ function dslc_ajax_import_template( $atts ) {
 function dslc_ajax_save_template( $atts ) {
 
 	// Allowed to do this?
-	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY_SAVE ) ) {
+	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY_SAVE ) && wp_verify_nonce($_REQUEST['_wpnonce'], 'dslc-ajax-wpnonce' )) {
 
 		// Response to the AJAX call.
 		$response = array();
@@ -639,7 +639,7 @@ function dslc_ajax_import_modules_section( $atts ) {
  */
 function dslc_ajax_dm_module_defaults_code( $atts ) {
 	// Allowed to do this?
-	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY ) ) {
+	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY ) && wp_verify_nonce($_REQUEST['_wpnonce'], 'dslc-ajax-wpnonce')) {
 
 		$code = '';
 
@@ -713,7 +713,7 @@ function dslc_ajax_dm_module_defaults_code( $atts ) {
 function dslc_ajax_save_preset() {
 
 	// Allowed to do this?
-	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY ) ) {
+	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY ) && wp_verify_nonce($_REQUEST['_wpnonce'], 'dslc-ajax-wpnonce' )) {
 
 		// The array we'll pass back to the AJAX call.
 		$response = array();
@@ -761,7 +761,7 @@ function dslc_ajax_save_preset() {
 function dslc_ajax_delete_preset() {
 
 	// Allowed to do this?
-	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY ) ) {
+	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY ) && wp_verify_nonce($_REQUEST['_wpnonce'], 'dslc-ajax-wpnonce' )) {
 
 		// The array we'll pass back to the AJAX call.
 		$response = array();
@@ -836,7 +836,7 @@ function dslc_ajax_clear_cache() {
 function dslc_ajax_toggle_extension( $atts ) {
 
 	// Allowed to do this?
-	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY_SAVE ) ):
+	if ( is_user_logged_in() && current_user_can( DS_LIVE_COMPOSER_CAPABILITY_SAVE ) && wp_verify_nonce($_REQUEST['_wpnonce'], 'dslc-ajax-wpnonce' )):
 
 	// The array we'll pass back to the AJAX call.
 	$response = false;

diff --git a/js/builder.all.min.js b/js/builder.all.min.js
diff --git a/js/dist/editor_backend.min.js b/js/dist/editor_backend.min.js
diff --git a/js/dist/editor_backend.min.js.map b/js/dist/editor_backend.min.js.map
diff --git a/js/src/editor/backend/codegeneration.js b/js/src/editor/backend/codegeneration.js
@@ -44,6 +44,7 @@ function dslc_save_composer() {
 		url: DSLCAjax.ajaxurl,
 		data: {
 			action : 'dslc-ajax-save-composer',
+			_wpnonce : DSLCAjax._wpnonce,
 			dslc : 'active',
 			dslc_post_id : postID,
 			dslc_code : composerCode,
@@ -111,6 +112,7 @@ function dslc_save_draft_composer() {
 		DSLCAjax.ajaxurl,
 		{
 			action : 'dslc-ajax-save-draft-composer',
+			_wpnonce : DSLCAjax._wpnonce,
 			dslc : 'active',
 			dslc_post_id : postID,
 			dslc_code : composerCode,
@@ -599,4 +601,4 @@ export const editableContentCodeGeneration = ( dslcField ) => {
 
 export const codeGenerationInitJS = () => {
 	setEventListeners();
-}
+}
diff --git a/js/src/editor/backend/module.js b/js/src/editor/backend/module.js
@@ -605,6 +605,7 @@ window.dslc_module_options_show = function( moduleID ) {
 	// Settings array for the Ajax call
 	var dslcSettings = {};
 	dslcSettings['action'] = 'dslc-ajax-display-module-options';
+	_wpnonce : DSLCAjax._wpnonce,
 	dslcSettings['dslc'] = 'active';
 	dslcSettings['dslc_module_id'] = moduleID;
 	dslcSettings['dslc_post_id'] = jQuery('.dslca-container').data('data-post-id');
@@ -744,6 +745,7 @@ export const moduleOutputDefault = ( dslc_module_id, callback ) => {
 		DSLCAjax.ajaxurl,
 		{
 			action : 'dslc-ajax-add-module',
+			_wpnonce : DSLCAjax._wpnonce,
 			dslc : 'active',
 			dslc_module_id : dslc_module_id, // ex. DSLC_Button
 			dslc_post_id : jQuery('.dslca-container').data('post-id'),
@@ -935,6 +937,7 @@ function dslc_dm_get_defaults( module ) {
 		DSLCAjax.ajaxurl,
 		{
 			action : 'dslc-ajax-dm-module-defaults',
+			_wpnonce : DSLCAjax._wpnonce,
 			dslc : 'active',
 			dslc_modules_options : optionsCode
 		},
@@ -957,4 +960,4 @@ function dslc_reload_module( moduleID, callback ) { window.dslc_module_output_re
 export const moduleInitJS = () => {
 	adjustZindex();
 	editableContentTextEvents();
-}
+}
diff --git a/js/src/editor/backend/presets.js b/js/src/editor/backend/presets.js
@@ -29,6 +29,7 @@ export const updatePreset = () => {
 			DSLCAjax.ajaxurl,
 			{
 				action : 'dslc-ajax-save-preset',
+				_wpnonce : DSLCAjax._wpnonce,
 				dslc_preset_name : presetName,
 				dslc_preset_code : presetCode,
 				dslc_module_id : moduleID
@@ -107,6 +108,7 @@ jQuery(document).ready(function($){
 				DSLCAjax.ajaxurl,
 				{
 					action : 'dslc-ajax-delete-preset',
+					_wpnonce : DSLCAjax._wpnonce,
 					dslc_preset_name : presetName,
 					dslc_module_id : moduleID
 				},
@@ -122,4 +124,4 @@ jQuery(document).ready(function($){
 
 export const presetsInit = () => {
 
-}
+}
diff --git a/js/src/editor/backend/sections.js b/js/src/editor/backend/sections.js
@@ -228,6 +228,7 @@ export const addSection = ( callback ) => {
 			DSLCAjax.ajaxurl,
 			{
 				action : 'dslc-ajax-add-modules-section',
+				_wpnonce : DSLCAjax._wpnonce,s
 				dslc : 'active'
 			},
 			function( response ) {
@@ -738,4 +739,4 @@ export const sectionsInit = () => {
 		jQuery('.dslca-row-options-filter-hook.dslca-active').removeClass('dslca-active');
 		LiveComposer.Builder.PreviewAreaWindow.dslc_responsive_classes( true );
 	});
-}
+}
diff --git a/js/src/editor/backend/templates.js b/js/src/editor/backend/templates.js
@@ -38,6 +38,7 @@ const loadTemplateById = ( template ) => {
 		DSLCAjax.ajaxurl,
 		{
 			action : 'dslc-ajax-load-template',
+			_wpnonce : DSLCAjax._wpnonce,
 			dslc : 'active',
 			dslc_template_id : template
 		},
@@ -82,6 +83,7 @@ function dslc_template_import() {
 		DSLCAjax.ajaxurl,
 		{
 			action : 'dslc-ajax-import-template',
+			_wpnonce : DSLCAjax._wpnonce,
 			dslc : 'active',
 			dslc_template_code : jQuery('#dslca-import-code').val()
 		},
@@ -142,6 +144,7 @@ function dslc_template_delete( template ) {
 		DSLCAjax.ajaxurl,
 		{
 			action : 'dslc-ajax-delete-template',
+			_wpnonce : DSLCAjax._wpnonce,
 			dslc : 'active',
 			dslc_template_id : template
 		},