JetFormBuilder — Dynamic Blocks Form Builder / 3.2.3
JetFormBuilder — Dynamic Blocks Form Builder v3.2.3
jetformbuilder / modules / security / wp-nonce / module.php
module.php
105 lines
1 <?php
2
3
4 namespace JFB_Modules\Security\Wp_Nonce;
5
6 use JFB_Components\Module\Base_Module_It;
7 use JFB_Modules\Security\Exceptions\Spam_Exception;
8
// Direct-access guard: WPINC is defined by WordPress core during bootstrap, so
// its absence means this file was requested on its own rather than loaded by WP.
defined( 'WPINC' ) || die;
13
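/**
 * Adds a WordPress nonce field to rendered forms and rejects submissions
 * whose nonce does not verify.
 *
 * Security notes for maintainers:
 * - Verification is skipped entirely when jet_fb_live_args()->is_use_nonce()
 *   is false, so the check is only as strong as that setting.
 * - WordPress nonces are derived from the current user and session. For
 *   logged-out visitors they are not per-visitor secrets, so this check should
 *   not be the only anti-spam or anti-CSRF control on a public form.
 * - Nonces expire. A form served from a full-page cache can carry a stale
 *   nonce, and a legitimate submission will then fail with 'nonce_failed'.
 */
class Module implements Base_Module_It {

	/** Name of the hidden form field (and request key) that carries the nonce. */
	const KEY = '_wpnonce';

	/** Prefix of the nonce action; the form ID is appended in get_nonce_id(). */
	const NONCE_ACTION_PREF = 'jet-form-builder-wp-nonce-';

	/**
	 * Identifier of this module.
	 *
	 * NOTE(review): presumably the key under which the module is registered;
	 * confirm against Base_Module_It.
	 *
	 * @return string
	 */
	public function rep_item_id() {
		return 'wp-nonce';
	}

	/**
	 * Always true: the module sets no precondition of its own.
	 *
	 * @return bool
	 */
	public function condition(): bool {
		return true;
	}

	/**
	 * Filter hook => callback method on this object.
	 *
	 * Single source for init_hooks() and remove_hooks(), so the two lists
	 * cannot drift apart and leave the request check registered without the
	 * field being rendered (or the reverse).
	 *
	 * @return array<string, string>
	 */
	private function get_filter_map(): array {
		return array(
			'jet-form-builder/request-handler/request' => 'handle_request',
			'jet-form-builder/message-types'           => 'handle_messages',
			'jet-form-builder/after-start-form'        => 'on_render_form',
		);
	}

	/**
	 * Registers the request check, the error message and the field renderer.
	 */
	public function init_hooks() {
		foreach ( $this->get_filter_map() as $hook => $method ) {
			add_filter( $hook, array( $this, $method ) );
		}
	}

	/**
	 * Unregisters everything init_hooks() registered.
	 */
	public function remove_hooks() {
		foreach ( $this->get_filter_map() as $hook => $method ) {
			remove_filter( $hook, array( $this, $method ) );
		}
	}

	/**
	 * Appends the nonce field to the markup emitted after the form start.
	 *
	 * @param string $html Markup passed through the filter.
	 *
	 * @return string The markup unchanged when nonce use is disabled,
	 *                otherwise the markup followed by the nonce field.
	 */
	public function on_render_form( string $html ): string {
		if ( ! jet_fb_live_args()->is_use_nonce() ) {
			return $html;
		}

		return ( $html . $this->get_nonce_field() );
	}

	/**
	 * Builds the nonce action for the current form.
	 *
	 * The action is bound to the form ID, so a nonce issued for one form does
	 * not verify against another.
	 *
	 * @return string
	 */
	public function get_nonce_id(): string {
		$form_id = jet_fb_live_args()->form_id;

		return self::NONCE_ACTION_PREF . $form_id;
	}

	/**
	 * Returns the hidden nonce field markup for the current form.
	 *
	 * The third argument (true) also emits the referer field; the fourth
	 * (false) makes wp_nonce_field() return the markup instead of echoing it.
	 *
	 * @return string
	 */
	public function get_nonce_field(): string {
		return wp_nonce_field( $this->get_nonce_id(), self::KEY, true, false );
	}

	/**
	 * Checks a submitted nonce against the current form's action.
	 *
	 * @param mixed $nonce Raw value taken from the request.
	 *
	 * @return bool True when nonce use is disabled for the form, or when the
	 *              nonce verifies; false otherwise.
	 */
	public function verify( $nonce ): bool {
		// Nonce use disabled: the check is bypassed on purpose.
		if ( ! jet_fb_live_args()->is_use_nonce() ) {
			return true;
		}

		// The value comes straight from the request and may be an array
		// (e.g. a `_wpnonce[]` parameter). Reject it here rather than let
		// wp_verify_nonce() string-cast it and raise a conversion warning.
		if ( ! is_scalar( $nonce ) ) {
			return false;
		}

		// wp_verify_nonce() returns false, 1 or 2; only validity matters here.
		return (bool) wp_verify_nonce( (string) $nonce, $this->get_nonce_id() );
	}

	/**
	 * Rejects the request when its nonce does not verify.
	 *
	 * A missing nonce is treated as an empty one, which fails verification
	 * whenever nonce use is enabled.
	 *
	 * @param array $request
	 *
	 * @return array The request, unchanged.
	 * @throws Spam_Exception With 'nonce_failed', the key registered in handle_messages().
	 */
	public function handle_request( array $request ): array {
		$nonce = $request[ self::KEY ] ?? '';

		if ( ! $this->verify( $nonce ) ) {
			throw new Spam_Exception( 'nonce_failed' );
		}

		return $request;
	}

	/**
	 * Registers the 'nonce_failed' message type.
	 *
	 * @param array $messages Message types registered so far.
	 *
	 * @return array The same list with 'nonce_failed' added.
	 */
	public function handle_messages( array $messages ): array {
		$messages['nonce_failed'] = array(
			'label' => __( 'WP nonce validation failed', 'jet-form-builder' ),
			'value' => __( 'Invalid nonce', 'jet-form-builder' ),
		);

		return $messages;
	}

}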
105