- improved MailPoet ajax to fix token issue - added js validation and ajax submit in public.js - add util security to generate tokens - updated router to use new util security - added jquery-validation module - update public config in webpack config - added error messages in form
<?php
namespace MailPoet\Router;
use \MailPoet\Util\Security;
// Direct-access guard: ABSPATH is defined by WordPress core, so stop when the
// file is requested on its own rather than loaded through WordPress.
if (!defined('ABSPATH')) {
  exit;
}
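/**
 * Routes admin AJAX requests (action "mailpoet") to endpoint classes that live
 * in this namespace, and prints the token the admin JavaScript has to send back.
 *
 * The endpoint class name, the method name and the payload all come straight
 * from $_POST, so setup() treats them as untrusted even after securityCheck()
 * has passed.
 */
class Router {
  /**
   * Nothing to do at construction time; hooks are registered by init().
   */
  function __construct() {
  }

  /**
   * Registers the WordPress hooks the router depends on.
   */
  function init() {
    // Print the token into the <head> of admin pages.
    add_action(
      'admin_head',
      array($this, 'setToken')
    );
    // wp_ajax_{action} fires for logged-in users only; no nopriv hook is
    // registered here.
    add_action(
      'wp_ajax_mailpoet',
      array($this, 'setup')
    );
  }

  /**
   * Handles one AJAX request: checks the caller, resolves the requested
   * endpoint class and method, and invokes the method with the posted data.
   *
   * The request is terminated with die() when the endpoint or method name is
   * missing, is not a plain identifier, or does not resolve to a public method
   * of an existing class in this namespace.
   */
  function setup() {
    $this->securityCheck();

    $class = isset($_POST['endpoint']) ? $_POST['endpoint'] : null;
    $method = isset($_POST['method']) ? $_POST['method'] : null;
    // A missing 'data' field is passed on as null, as before.
    $data = isset($_POST['data']) ? $_POST['data'] : null;

    // Both names are request-controlled and end up in `new $x()` and
    // `$obj->$y()`. Restricting them to plain identifiers keeps backslashes
    // (sub-namespaces) and underscore-prefixed magic methods out.
    if(!$this->isIdentifier($class) || !$this->isIdentifier($method)) {
      die();
    }

    $endpoint = __NAMESPACE__ . "\\" . ucfirst($class);
    if(!class_exists($endpoint) || !method_exists($endpoint, $method)) {
      die();
    }

    // The router is not an endpoint: dispatching to it would let a request
    // re-enter setup() or re-register hooks.
    if(is_a($endpoint, __CLASS__, true)) {
      die();
    }

    // Only methods an endpoint exposes publicly may be reached from a request.
    $reflection = new \ReflectionMethod($endpoint, $method);
    if(!$reflection->isPublic()) {
      die();
    }

    $instance = new $endpoint();
    $instance->$method($data);
  }

  /**
   * Prints a script tag that defines the global JavaScript variable
   * mailpoet_token.
   */
  function setToken() {
    // NOTE(review): the token is written into a JavaScript string literal
    // without escaping, so this relies on Security::generateToken() returning
    // a value with no quotes or markup (presumably a WordPress nonce for the
    // 'mailpoet_token' action that securityCheck() verifies; confirm in
    // Util\Security).
    $global = '<script type="text/javascript">';
    $global .= 'var mailpoet_token = "'.Security::generateToken().'";';
    // Was "/n", which printed the two characters "/n" instead of a newline.
    $global .= "</script>\n";
    echo $global;
  }

  /**
   * Terminates the request unless the current user has the manage_options
   * capability and the request carries a valid nonce for 'mailpoet_token'.
   */
  function securityCheck() {
    // Authorization: only users who can manage options may use the router.
    if (!current_user_can('manage_options')) {die();}

    // Request-forgery check. A missing or non-string token is rejected
    // up front instead of being handed to wp_verify_nonce().
    if (
      !isset($_POST['token'])
      || !is_string($_POST['token'])
      || !wp_verify_nonce($_POST['token'], 'mailpoet_token')
    ) {die();}
  }

  /**
   * Tells whether a request value is a plain identifier: a string that starts
   * with a letter and contains only letters, digits and underscores.
   */
  private function isIdentifier($value) {
    // \A and \z anchor the whole string, so a trailing newline cannot pass.
    return is_string($value)
      && preg_match('/\A[A-Za-z][A-Za-z0-9_]*\z/', $value) === 1;
  }
}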