fix(donations): add checkout nonce verification
chickenn00dle committed Dec 19, 2024
1 parent cbe7f45 commit 3884884
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions includes/class-donations.php
Expand Up @@ -665,13 +665,20 @@ public static function process_donation_request() {
return;
}

// Nonce value defined in \Newpack_Blocks\Modal_Checkout.
if ( ! check_ajax_referer( 'newspack_checkout_nonce' ) ) {
wp_send_json_error( [ 'message' => __( 'Invalid nonce.', 'newspack-blocks' ) ] );
wp_die();
}

$is_modal_checkout = filter_input( INPUT_GET, 'modal_checkout', FILTER_SANITIZE_NUMBER_INT );

// Parse values from the form.
$donation_frequency = filter_input( INPUT_GET, 'donation_frequency', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
if ( ! $donation_frequency ) {
return;
}

$donation_value = filter_input( INPUT_GET, 'donation_value_' . $donation_frequency, FILTER_SANITIZE_FULL_SPECIAL_CHARS );
if ( ! $donation_value ) {
$donation_value = filter_input( INPUT_GET, 'donation_value_' . $donation_frequency . '_untiered', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
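Review bot: The failure branch under `check_ajax_referer( 'newspack_checkout_nonce' )` is unreachable as written, because the third parameter `$stop` defaults to true and WordPress terminates the request itself on a missing or invalid nonce, so the JSON 'Invalid nonce.' message is never sent. If that JSON response is wanted, call `check_ajax_referer( 'newspack_checkout_nonce', false, false )` so the function returns false instead of dying; otherwise drop the `if` and keep the bare call. The `wp_die()` after `wp_send_json_error()` is also redundant, since that helper already ends the request. The comment probably means `\Newspack_Blocks\Modal_Checkout` (the hunk spells it `Newpack_Blocks`), and it should name the request field that carries the nonce, because with no second argument only `_ajax_nonce` and `_wpnonce` are read. The body of process_donation_request starts and ends outside the hunk, so the early `return` above the check and the handling after it could not be reviewed.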