authorHarald Eilertsen <haraldei@anduin.net>2022-03-12 18:42:33 +0100
committerHarald Eilertsen <haraldei@anduin.net>2022-03-12 18:42:33 +0100
commit1c6ac0fc1390510a0f0e12295c86e90bc313f2ef (patch)
treebb38ea717cb12647574001900391d6706fab4891 /includes
parent6c86c2b2d75ac4f989826275f4a63294bdc2fd17 (diff)
Move update new venue form to class.
Also fix nonce checking.
Diffstat (limited to 'includes')
-rw-r--r--includes/admin/views/_new_venue_form.php18
-rw-r--r--includes/admin/views/giglog_admin_page.php20
2 files changed, 20 insertions, 18 deletions
diff --git a/includes/admin/views/_new_venue_form.php b/includes/admin/views/_new_venue_form.php
index 13d70f6..ab02bbe 100644
--- a/includes/admin/views/_new_venue_form.php
+++ b/includes/admin/views/_new_venue_form.php
@@ -15,7 +15,7 @@ if ( !class_exists( "GiglogAdmin_NewVenueForm" ) )
. '<p><strong>VENUE DETAILS</strong></p>'
. '<form method="POST" action="" class="venue">'
. ' <fieldset>'
- . wp_nonce_field( plugin_basename( __FILE__ ), 'giglog_new_venue_nonce' )
+ . wp_nonce_field( 'edit-venue', 'nonce' )
. ' <div class="field venue_name_field">'
. ' <label for="venue">Venue Name:</label>'
. ' <input type="text" id="venuename" name="venuename">'
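Review bot: wp_nonce_field() echoes the hidden field by default as well as returning it, so inside this concatenated string the nonce markup is printed at call time and then appears again in the built form. Passing the display argument as false keeps it in the string only: `. wp_nonce_field( 'edit-venue', 'nonce', true, false )`. The field name `nonce` is also very generic; a prefixed name like the previous `giglog_new_venue_nonce` would be less likely to clash with another form handled on the same admin page, provided update() reads the same key. The expression being built starts and ends outside the hunk, so how the string is finally emitted is not visible here.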
@@ -31,5 +31,21 @@ if ( !class_exists( "GiglogAdmin_NewVenueForm" ) )
. '</form>'
. '</div>';
}
+
+ static function update() : void
+ {
+ if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'edit-venue')) {
+ header("{$_SERVER['SERVER_PROTOCOL']} 403 Forbidden");
+ wp_die('CSRF validation failed.', 403);
+ }
+
+ if (empty($_POST['venuename']) || empty($_POST['venuecity'])) {
+ echo '<script language="javascript">alert("You are missing a value, venue was not created"); </script>';
+ }
+ else {
+ GiglogAdmin_Venue::create($_POST['venuename'],$_POST['venuecity']);
+ echo '<script language="javascript">alert("Yey, venue created"); </script>';
+ }
+ }
}
}
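Review bot: update() gates the write on the nonce alone and then hands the raw `$_POST` values to `GiglogAdmin_Venue::create()`. A WordPress nonce ties the request to a user and action but does not establish permission, so unless the caller in giglog_admin_page.php already checks it, a `current_user_can()` test with the capability this admin page requires belongs before the create call. WordPress also adds slashes to `$_POST`, so the fields should be unslashed and sanitised at this boundary, e.g. `$name = sanitize_text_field(wp_unslash($_POST['venuename']));` and the same for `venuecity`; whether create() cleans its arguments is not visible in this diff. The explicit `header()` line is redundant with the 403 passed to `wp_die()` and will emit a warning if output has already started.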
diff --git a/includes/admin/views/giglog_admin_page.php b/includes/admin/views/giglog_admin_page.php
index a2682a1..7da93de 100644
--- a/includes/admin/views/giglog_admin_page.php
+++ b/includes/admin/views/giglog_admin_page.php
@@ -82,23 +82,9 @@ if ( !class_exists( 'GiglogAdmin_AdminPage' ) ) {
return;
}
- if(isset($_POST['newvenue']))
- {
- if (!isset($_POST['giglog_new_venue_nonce'])
- || wp_verify_nonce($_POST['giglog_new_venue_nonce'], plugin_basename( __FILE__ )))
- {
- header("{$_SERVER['SERVER_PROTOCOL']} 403 Forbidden");
- wp_die('CSRF validation failed.', 403);
- }
-
- if (empty($_POST['venuename']) || empty($_POST['venuecity'])) {
- echo '<script language="javascript">alert("You are missing a value, venue was not created"); </script>';
- }
- else
- {
- GiglogAdmin_Venue::create($_POST['venuename'],$_POST['venuecity']);
- echo '<script language="javascript">alert("Yey, venue created"); </script>';
- }
+ if (isset($_POST['newvenue'])) {
+ GiglogAdmin_NewVenueForm::update();
+ return;
}
}
}