author | Harald Eilertsen <haraldei@anduin.net> | 2022-03-12 18:42:33 +0100 |
---|---|---|
committer | Harald Eilertsen <haraldei@anduin.net> | 2022-03-12 18:42:33 +0100 |
commit | 1c6ac0fc1390510a0f0e12295c86e90bc313f2ef (patch) | |
tree | bb38ea717cb12647574001900391d6706fab4891 | |
parent | 6c86c2b2d75ac4f989826275f4a63294bdc2fd17 (diff) | |
Move update new venue form to class.
Also fix nonce checking.
-rw-r--r-- | includes/admin/views/_new_venue_form.php | 18 | ||||
-rw-r--r-- | includes/admin/views/giglog_admin_page.php | 20 |
2 files changed, 20 insertions, 18 deletions
diff --git a/includes/admin/views/_new_venue_form.php b/includes/admin/views/_new_venue_form.php
index 13d70f6..ab02bbe 100644
--- a/includes/admin/views/_new_venue_form.php
+++ b/includes/admin/views/_new_venue_form.php
@@ -15,7 +15,7 @@ if ( !class_exists( "GiglogAdmin_NewVenueForm" ) )
 . '<p><strong>VENUE DETAILS</strong></p>'
 . '<form method="POST" action="" class="venue">'
 . ' <fieldset>'
- . wp_nonce_field( plugin_basename( __FILE__ ), 'giglog_new_venue_nonce' )
+ . wp_nonce_field( 'edit-venue', 'nonce' )
 . ' <div class="field venue_name_field">'
 . ' <label for="venue">Venue Name:</label>'
 . ' <input type="text" id="venuename" name="venuename">'
@@ -31,5 +31,21 @@ if ( !class_exists( "GiglogAdmin_NewVenueForm" ) )
 . '</form>'
 . '</div>';
 }
+
+ static function update() : void
+ {
+ if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'edit-venue')) {
+ header("{$_SERVER['SERVER_PROTOCOL']} 403 Forbidden");
+ wp_die('CSRF validation failed.', 403);
+ }
+
+ if (empty($_POST['venuename']) || empty($_POST['venuecity'])) {
+ echo '<script language="javascript">alert("You are missing a value, venue was not created"); </script>';
+ }
+ else {
+ GiglogAdmin_Venue::create($_POST['venuename'],$_POST['venuecity']);
+ echo '<script language="javascript">alert("Yey, venue created"); </script>';
+ }
+ }
 }
 }
diff --git a/includes/admin/views/giglog_admin_page.php b/includes/admin/views/giglog_admin_page.php
index a2682a1..7da93de 100644
--- a/includes/admin/views/giglog_admin_page.php
+++ b/includes/admin/views/giglog_admin_page.php
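Review bot: `wp_nonce_field()` echoes its markup by default as well as returning it, so concatenating it into the form string in the first hunk of _new_venue_form.php prints the hidden field once at call time and again inside the returned HTML, leaving two inputs with `id="nonce"`. Pass the display flag explicitly: `. wp_nonce_field( 'edit-venue', 'nonce', true, false )`. The field name `nonce` is also very generic; a plugin-prefixed name would avoid clashing with any other form handled on the same admin page. The enclosing method starts and ends outside this hunk.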
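Review bot: `update()` in the second hunk of _new_venue_form.php verifies the nonce, but nothing in the visible lines checks who is submitting; a nonce protects against CSRF and is not an authorization check, so the method should begin with a `current_user_can()` test for whichever capability venue editing requires (the caller hunk in giglog_admin_page.php does not add one either). The venue fields are also handed to `GiglogAdmin_Venue::create()` as raw, slashed `$_POST` values; unless `create()` cleans them itself, which is not visible here, pass `sanitize_text_field( wp_unslash( $_POST['venuename'] ) )` and the same for `venuecity`. The explicit `header(...)` line looks redundant, since `wp_die( ..., 403 )` treats the integer as the response code, and it will raise a warning if output has already started.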
@@ -82,23 +82,9 @@ if ( !class_exists( 'GiglogAdmin_AdminPage' ) ) { return; } - if(isset($_POST['newvenue'])) - { - if (!isset($_POST['giglog_new_venue_nonce']) - || wp_verify_nonce($_POST['giglog_new_venue_nonce'], plugin_basename( __FILE__ ))) - { - header("{$_SERVER['SERVER_PROTOCOL']} 403 Forbidden"); - wp_die('CSRF validation failed.', 403); - } - - if (empty($_POST['venuename']) || empty($_POST['venuecity'])) { - echo '<script language="javascript">alert("You are missing a value, venue was not created"); </script>'; - } - else - { - GiglogAdmin_Venue::create($_POST['venuename'],$_POST['venuecity']); - echo '<script language="javascript">alert("Yey, venue created"); </script>'; - } + if (isset($_POST['newvenue'])) { + GiglogAdmin_NewVenueForm::update(); + return; } } } |