Merge pull request #1261 from Codeinwp/bugfix/fix-chart-creation-nonce-clean

vytisbulkevicius · web-flow · commit 7414479845b0 · 2026-03-04T12:06:50.000+02:00
Fix chart creation nonce verification mismatch
diff --git a/classes/Visualizer/Gutenberg/Block.php b/classes/Visualizer/Gutenberg/Block.php
@@ -668,7 +668,7 @@ public function update_chart_data( $data ) {
 
 			if ( Visualizer_Module::is_pro() ) {
 				$permissions_data = map_deep( $data['visualizer-permissions'], array( $this, 'sanitize_value' ) );
-				update_post_meta( $data['id'], Visualizer_PRO::CF_PERMISSIONS, $permissions_data );
+				update_post_meta( $data['id'], Visualizer_Pro::CF_PERMISSIONS, $permissions_data );
 			}
 
 			if ( $data['visualizer-chart-url'] ) {
diff --git a/classes/Visualizer/Module/Chart.php b/classes/Visualizer/Module/Chart.php
@@ -955,7 +955,7 @@ private function _handleDataAndSettingsPage() {
 	 */
 	private function _handleTypesPage() {
 		// process post request
-		if ( $_SERVER['REQUEST_METHOD'] === 'POST' && wp_verify_nonce( filter_input( INPUT_POST, 'nonce' ) ) ) {
+		if ( $_SERVER['REQUEST_METHOD'] === 'POST' && wp_verify_nonce( filter_input( INPUT_POST, 'nonce' ), 'visualizer-upload-data' ) ) {
 			$type = filter_input( INPUT_POST, 'type' );
 			$library = filter_input( INPUT_POST, 'chart-library' );
 			if ( Visualizer_Module_Admin::checkChartStatus( $type ) ) {
diff --git a/classes/Visualizer/Render/Layout.php b/classes/Visualizer/Render/Layout.php
@@ -980,7 +980,7 @@ class="dashicons dashicons-lock"></span></h2>
 													add_query_arg(
 														array(
 															'action' => Visualizer_Module::is_pro() ? Visualizer_Pro::ACTION_FETCH_DATA : '',
-															'nonce'  => wp_create_nonce( Visualizer_Pro::ACTION_FETCH_DATA ),
+															'nonce'  => Visualizer_Module::is_pro() ? wp_create_nonce( Visualizer_Pro::ACTION_FETCH_DATA ) : wp_create_nonce(),
 														),
 														admin_url( 'admin-ajax.php' )
 													)

Original file line number	Diff line number	Diff line change
`@@ -668,7 +668,7 @@ public function update_chart_data( $data ) {`
`668`	`668`
`669`	`669`	`if ( Visualizer_Module::is_pro() ) {`
`670`	`670`	`$permissions_data = map_deep( $data['visualizer-permissions'], array( $this, 'sanitize_value' ) );`
`671`		`- update_post_meta( $data['id'], Visualizer_PRO::CF_PERMISSIONS, $permissions_data );`
	`671`	`+ update_post_meta( $data['id'], Visualizer_Pro::CF_PERMISSIONS, $permissions_data );`
`672`	`672`	`}`
`673`	`673`
`674`	`674`	`if ( $data['visualizer-chart-url'] ) {`
Original file line number	Diff line number	Diff line change
`@@ -980,7 +980,7 @@ class="dashicons dashicons-lock"></span></h2>`
`980`	`980`	`add_query_arg(`
`981`	`981`	`array(`
`982`	`982`	`'action' => Visualizer_Module::is_pro() ? Visualizer_Pro::ACTION_FETCH_DATA : '',`
`983`		`- 'nonce' => wp_create_nonce( Visualizer_Pro::ACTION_FETCH_DATA ),`
	`983`	`+ 'nonce' => Visualizer_Module::is_pro() ? wp_create_nonce( Visualizer_Pro::ACTION_FETCH_DATA ) : wp_create_nonce(),`
`984`	`984`	`),`
`985`	`985`	`admin_url( 'admin-ajax.php' )`
`986`	`986`	`)`