audit clean-up
add 'no dates' logic
This commit is contained in:
@@ -59,12 +59,6 @@ class HSSM_Frontend {
|
||||
add_action( 'wp_ajax_hssm_get_notification_settings', array( $this, 'ajax_get_notification_settings' ) );
|
||||
add_action( 'wp_ajax_hssm_save_notification_settings', array( $this, 'ajax_save_notification_settings' ) );
|
||||
|
||||
// Test handler to verify AJAX is working
|
||||
add_action( 'wp_ajax_hssm_test', array( $this, 'ajax_test' ) );
|
||||
add_action( 'wp_ajax_nopriv_hssm_test', array( $this, 'ajax_test' ) );
|
||||
|
||||
// Debug: Log that handlers are being registered
|
||||
error_log( 'HSSM: AJAX handlers registered including hssm_get_slides' );
|
||||
|
||||
// Frontend assets
|
||||
add_action( 'wp_enqueue_scripts', array( $this, 'enqueue_assets' ) );
|
||||
@@ -297,8 +291,7 @@ class HSSM_Frontend {
|
||||
* @since 1.0.0
|
||||
*/
|
||||
public function ajax_upload_image() {
|
||||
// Verify nonce and permissions
|
||||
if ( ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) || ! current_user_can( 'upload_files' ) ) {
|
||||
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) || ! current_user_can( 'upload_files' ) ) {
|
||||
wp_send_json_error( array( 'message' => 'Unauthorized' ) );
|
||||
return;
|
||||
}
|
||||
@@ -332,8 +325,7 @@ class HSSM_Frontend {
|
||||
* @since 1.0.0
|
||||
*/
|
||||
public function ajax_preview_slides() {
|
||||
// Verify nonce and permissions
|
||||
if ( ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) || ! current_user_can( 'read' ) ) {
|
||||
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) || ! current_user_can( 'read' ) ) {
|
||||
wp_send_json_error( array( 'message' => 'Unauthorized' ) );
|
||||
return;
|
||||
}
|
||||
@@ -347,9 +339,21 @@ class HSSM_Frontend {
|
||||
$meta_query = array(
|
||||
'relation' => 'AND',
|
||||
array(
|
||||
'key' => '_hssm_start_date',
|
||||
'value' => $date,
|
||||
'compare' => '<=',
|
||||
'relation' => 'OR',
|
||||
array(
|
||||
'key' => '_hssm_start_date',
|
||||
'value' => '',
|
||||
'compare' => '=',
|
||||
),
|
||||
array(
|
||||
'key' => '_hssm_start_date',
|
||||
'value' => $date,
|
||||
'compare' => '<=',
|
||||
),
|
||||
array(
|
||||
'key' => '_hssm_start_date',
|
||||
'compare' => 'NOT EXISTS',
|
||||
),
|
||||
),
|
||||
array(
|
||||
'relation' => 'OR',
|
||||
@@ -406,9 +410,9 @@ class HSSM_Frontend {
|
||||
* @since 1.0.0
|
||||
*/
|
||||
public function ajax_save_slide() {
|
||||
// Verify nonce and permissions
|
||||
if ( ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) || ! $this->check_dashboard_access() ) {
|
||||
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) || ! $this->check_dashboard_access() ) {
|
||||
wp_send_json_error( array( 'message' => 'Unauthorized' ) );
|
||||
return;
|
||||
}
|
||||
|
||||
// Sanitize and validate input
|
||||
@@ -678,7 +682,7 @@ class HSSM_Frontend {
|
||||
* @since 1.0.0
|
||||
*/
|
||||
public function ajax_get_slides() {
|
||||
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) ) {
|
||||
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) ) {
|
||||
wp_send_json_error( array( 'message' => 'Nonce verification failed' ) );
|
||||
return;
|
||||
}
|
||||
@@ -855,13 +859,12 @@ class HSSM_Frontend {
|
||||
* @since 1.0.0
|
||||
*/
|
||||
public function ajax_approve_slide() {
|
||||
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) ) {
|
||||
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) ) {
|
||||
wp_send_json_error( array( 'message' => 'Nonce verification failed' ) );
|
||||
return;
|
||||
}
|
||||
error_log( 'Approve slide AJAX called' );
|
||||
|
||||
if ( empty( $_POST['slide_id'] ) ) {
|
||||
if ( ! isset( $_POST['slide_id'] ) || '' === trim( (string) $_POST['slide_id'] ) ) {
|
||||
wp_send_json_error( array( 'message' => 'Slide ID is required' ) );
|
||||
return;
|
||||
}
|
||||
@@ -918,28 +921,19 @@ class HSSM_Frontend {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test AJAX handler to verify AJAX is working
|
||||
*
|
||||
* @since 1.0.0
|
||||
*/
|
||||
public function ajax_test() {
|
||||
error_log( 'AJAX TEST HANDLER CALLED - SUCCESS!' );
|
||||
wp_send_json_success( array( 'message' => 'AJAX is working!' ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* AJAX handler for deleting slides
|
||||
*
|
||||
* @since 1.0.0
|
||||
*/
|
||||
public function ajax_delete_slide() {
|
||||
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) ) {
|
||||
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) ) {
|
||||
wp_send_json_error( array( 'message' => 'Nonce verification failed' ) );
|
||||
return;
|
||||
}
|
||||
if ( empty( $_POST['slide_id'] ) ) {
|
||||
if ( ! isset( $_POST['slide_id'] ) || '' === trim( (string) $_POST['slide_id'] ) ) {
|
||||
wp_send_json_error( array( 'message' => 'Slide ID is required' ) );
|
||||
return;
|
||||
}
|
||||
|
||||
$slide_id = intval( $_POST['slide_id'] );
|
||||
@@ -970,12 +964,13 @@ class HSSM_Frontend {
|
||||
* @since 1.0.0
|
||||
*/
|
||||
public function ajax_update_slide() {
|
||||
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) ) {
|
||||
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) ) {
|
||||
wp_send_json_error( array( 'message' => 'Nonce verification failed' ) );
|
||||
return;
|
||||
}
|
||||
if ( empty( $_POST['slide_id'] ) ) {
|
||||
if ( ! isset( $_POST['slide_id'] ) || '' === trim( (string) $_POST['slide_id'] ) ) {
|
||||
wp_send_json_error( array( 'message' => 'Slide ID is required' ) );
|
||||
return;
|
||||
}
|
||||
|
||||
$slide_id = intval( $_POST['slide_id'] );
|
||||
@@ -1281,12 +1276,14 @@ class HSSM_Frontend {
|
||||
* @since 1.0.0
|
||||
*/
|
||||
public function ajax_duplicate_slide() {
|
||||
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) || ! $this->check_dashboard_access() ) {
|
||||
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) || ! $this->check_dashboard_access() ) {
|
||||
wp_send_json_error( array( 'message' => 'Unauthorized' ) );
|
||||
return;
|
||||
}
|
||||
|
||||
if ( empty( $_POST['slide_id'] ) ) {
|
||||
if ( ! isset( $_POST['slide_id'] ) || '' === trim( (string) $_POST['slide_id'] ) ) {
|
||||
wp_send_json_error( array( 'message' => 'Slide ID is required' ) );
|
||||
return;
|
||||
}
|
||||
|
||||
$original_id = intval( $_POST['slide_id'] );
|
||||
@@ -1328,12 +1325,14 @@ class HSSM_Frontend {
|
||||
* @since 1.0.0
|
||||
*/
|
||||
public function ajax_toggle_slide_status() {
|
||||
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) || ! $this->check_dashboard_access() ) {
|
||||
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) || ! $this->check_dashboard_access() ) {
|
||||
wp_send_json_error( array( 'message' => 'Unauthorized' ) );
|
||||
return;
|
||||
}
|
||||
|
||||
if ( empty( $_POST['slide_id'] ) ) {
|
||||
if ( ! isset( $_POST['slide_id'] ) || '' === trim( (string) $_POST['slide_id'] ) ) {
|
||||
wp_send_json_error( array( 'message' => 'Slide ID is required' ) );
|
||||
return;
|
||||
}
|
||||
|
||||
$slide_id = intval( $_POST['slide_id'] );
|
||||
@@ -1454,13 +1453,25 @@ class HSSM_Frontend {
|
||||
$date_param = isset( $_GET['hssm_date'] ) ? sanitize_text_field( $_GET['hssm_date'] ) : current_time( 'Y-m-d' );
|
||||
$site_param = isset( $_GET['hssm_site'] ) ? sanitize_text_field( $_GET['hssm_site'] ) : '';
|
||||
|
||||
// Apply Meta Query for Date
|
||||
// Apply Meta Query for Date (evergreen: no start/end = always show)
|
||||
$meta_query = array(
|
||||
'relation' => 'AND',
|
||||
array(
|
||||
'key' => '_hssm_start_date',
|
||||
'value' => $date_param,
|
||||
'compare' => '<=',
|
||||
'relation' => 'OR',
|
||||
array(
|
||||
'key' => '_hssm_start_date',
|
||||
'value' => '',
|
||||
'compare' => '=',
|
||||
),
|
||||
array(
|
||||
'key' => '_hssm_start_date',
|
||||
'value' => $date_param,
|
||||
'compare' => '<=',
|
||||
),
|
||||
array(
|
||||
'key' => '_hssm_start_date',
|
||||
'compare' => 'NOT EXISTS',
|
||||
),
|
||||
),
|
||||
array(
|
||||
'relation' => 'OR',
|
||||
|
||||
Reference in New Issue
Block a user