From 1c6ac0fc1390510a0f0e12295c86e90bc313f2ef Mon Sep 17 00:00:00 2001
From: Harald Eilertsen
Date: Sat, 12 Mar 2022 18:42:33 +0100
Subject: Move update new venue form to class. Also fix nonce checking.
---
includes/admin/views/_new_venue_form.php | 18 +++++++++++++++++-
includes/admin/views/giglog_admin_page.php | 20 +++-----------------
2 files changed, 20 insertions(+), 18 deletions(-)
(limited to 'includes')
diff --git a/includes/admin/views/_new_venue_form.php b/includes/admin/views/_new_venue_form.php
index 13d70f6..ab02bbe 100644
--- a/includes/admin/views/_new_venue_form.php
+++ b/includes/admin/views/_new_venue_form.php
@@ -15,7 +15,7 @@ if ( !class_exists( "GiglogAdmin_NewVenueForm" ) )
 . '

VENUE DETAILS

' . '
' . '
'
- . wp_nonce_field( plugin_basename( __FILE__ ), 'giglog_new_venue_nonce' )
+ . wp_nonce_field( 'edit-venue', 'nonce' )
 . '
' . ' ' . ' '
@@ -31,5 +31,21 @@ if ( !class_exists( "GiglogAdmin_NewVenueForm" ) )
 . '' . '
';
 }
+
+ static function update() : void
+ {
+ if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'edit-venue')) {
+ header("{$_SERVER['SERVER_PROTOCOL']} 403 Forbidden");
+ wp_die('CSRF validation failed.', 403);
+ }
+
+ if (empty($_POST['venuename']) || empty($_POST['venuecity'])) {
+ echo '';
+ }
+ else {
+ GiglogAdmin_Venue::create($_POST['venuename'],$_POST['venuecity']);
+ echo '';
+ }
+ }
 }
 }
diff --git a/includes/admin/views/giglog_admin_page.php b/includes/admin/views/giglog_admin_page.php
index a2682a1..7da93de 100644
--- a/includes/admin/views/giglog_admin_page.php
+++ b/includes/admin/views/giglog_admin_page.php
@@ -82,23 +82,9 @@ if ( !class_exists( 'GiglogAdmin_AdminPage' ) ) {
 return;
 }
- if(isset($_POST['newvenue']))
- {
- if (!isset($_POST['giglog_new_venue_nonce'])
- || wp_verify_nonce($_POST['giglog_new_venue_nonce'], plugin_basename( __FILE__ )))
- {
- header("{$_SERVER['SERVER_PROTOCOL']} 403 Forbidden");
- wp_die('CSRF validation failed.', 403);
- }
-
- if (empty($_POST['venuename']) || empty($_POST['venuecity'])) {
- echo '';
- }
- else
- {
- GiglogAdmin_Venue::create($_POST['venuename'],$_POST['venuecity']);
- echo '';
- }
+ if (isset($_POST['newvenue'])) {
+ GiglogAdmin_NewVenueForm::update();
+ return;
 }
 }
 }
-- cgit v1.2.3
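Review bot: The new `GiglogAdmin_NewVenueForm::update()` makes the nonce the only gate in front of `GiglogAdmin_Venue::create()`, and a nonce proves the request came from a form rendered for this session, not that the user is allowed to create venues. Unless the caller already enforces a capability (not visible in this diff), add one beside the nonce check, e.g. `if (!current_user_can('<capability for managing venues>')) { wp_die('Not allowed.', 403); }`. The two `$_POST` values are also handed to `create()` raw and still carry the slashes WordPress adds to request data; `sanitize_text_field(wp_unslash($_POST['venuename']))` and the same for `venuecity` would normalise them at this boundary, whatever `create()` (outside this diff) does with them. The explicit `header(... 403 Forbidden)` is redundant, since `wp_die(..., 403)` sets the response status itself.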