Cavemanon/piratepoet
8
Fork 0
Code Pull Requests Actions Releases 16 Activity

Replaced "contains" by "indexOf" (chrome issue)

Browse Source 
- added public ajax routing (not checking permissions)
- exception handling in form subscription
This commit is contained in:
Jonathan Labreuille
2016-03-01 13:18:36 +01:00
parent c721843c12
commit 82ed7e51c5
4 changed files with 32 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
lib/Router/Router.php
View File

@@ -15,12 +15,26 @@ class Router {
);
add_action(
'wp_ajax_mailpoet',
array($this, 'setup')
array($this, 'setupAdmin')
);
add_action(
'wp_ajax_nopriv_mailpoet',
array($this, 'setupPublic')
);
}
function setup() {
$this->securityCheck();
function setupAdmin() {
$this->verifyToken();
$this->checkPermissions();
return $this->processRoute();
}
function setupPublic() {
$this->verifyToken();
return $this->processRoute();
}
function processRoute() {
$class = ucfirst($_POST['endpoint']);
$endpoint = __NAMESPACE__ . "\\" . $class;
$method = $_POST['method'];
@@ -43,8 +57,11 @@ class Router {
echo $global;
}
function securityCheck() {
function checkPermissions() {
if(!current_user_can('manage_options')) { die(); }
}
function verifyToken() {
if(!wp_verify_nonce($_POST['token'], 'mailpoet_token')) { die(); }
}
}