fix: nonce verification issue is fixed #518 (#519)
saimonh3 authored and sabbir1991 committed Jan 10, 2019
1 parent 2b1ddd4 commit 7d82fdf
Showing 1 changed file with 6 additions and 15 deletions.
21 changes: 6 additions & 15 deletions includes/class-registration.php
@@ -55,6 +55,11 @@ public function render_shortcode() {
* @return \WP_Error
*/
function validate_registration( $error ) {

if ( is_checkout() ) {
return $error;
}

$post_data = wp_unslash( $_POST );

$nonce_value = isset( $post_data['_wpnonce'] ) ? $post_data['_wpnonce'] : '';
@@ -100,13 +105,6 @@ function validate_registration( $error ) {
function set_new_vendor_names( $data ) {
$post_data = wp_unslash( $_POST );

$nonce_value = isset( $post_data['_wpnonce'] ) ? $post_data['_wpnonce'] : '';
$nonce_value = isset( $post_data['woocommerce-register-nonce'] ) ? $post_data['woocommerce-register-nonce'] : $nonce_value;

if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-register' ) ) {
return new WP_Error( 'nonce_verification_failed', __( 'Nonce verification failed', 'dokan-lite' ) );
}

$allowed_roles = array( 'customer', 'seller' );
$role = ( isset( $post_data['role'] ) && in_array( $post_data['role'], $allowed_roles ) ) ? $post_data['role'] : 'customer';

@@ -134,14 +132,7 @@ function set_new_vendor_names( $data ) {
function save_vendor_info( $user_id, $data ) {
$post_data = wp_unslash( $_POST );

$nonce_value = isset( $post_data['_wpnonce'] ) ? $post_data['_wpnonce'] : '';
$nonce_value = isset( $post_data['woocommerce-register-nonce'] ) ? $post_data['woocommerce-register-nonce'] : $nonce_value;

if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-register' ) ) {
return new WP_Error( 'nonce_verification_failed', __( 'Nonce verification failed', 'dokan-lite' ) );
}

if ( $data['role'] != 'seller' ) {
if ( ! isset( $data['role'] ) || $data['role'] != 'seller' ) {
return;
}

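Review bot: After this change `set_new_vendor_names()` and `save_vendor_info()` still read `$_POST` directly but no longer verify anything themselves, so they rely on `validate_registration()` having run first, and the new `is_checkout()` early return skips that function's nonce handling (and any validation after it, which lies outside the hunk) on the checkout path. If these callbacks also run during checkout account creation, which the page does not show, the `role` value from the request is still honoured there; if vendor sign-up at checkout is not intended, pin it explicitly, e.g. `$role = is_checkout() ? 'customer' : $role;` in `set_new_vendor_names()`. A comment above the early return should say which nonce protects the checkout request, so the bypass is not read as an oversight. The role checks also compare loosely: prefer `in_array( $post_data['role'], $allowed_roles, true )` and `$data['role'] !== 'seller'`. All three function bodies continue beyond the visible hunks.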
