Passed
Pull Request — dev/2.4.3 (#294)
by Sudar

NonceChecker   A

Complexity

Total Complexity 20

Size/Duplication

Total Lines 93
Duplicated Lines 0 %

Test Coverage

Coverage 0%

Importance

Changes 4
Bugs 0 Features 0
Metric Value
eloc 30
c 4
b 0
f 0
dl 0
loc 93
ccs 0
cts 32
cp 0
rs 10
wmc 20

2 Methods

Rating   Name   Duplication   Size   Complexity  
A load() 0 2 1
D check_nonce() 0 73 19
<?php namespace EmailLog\Core\Request;
use EmailLog\Core\Loadie;
use EmailLog\Core\UI\Page\LogListPage;
// Stop immediately when this file is requested directly rather than loaded by WordPress.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}
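/**
 * Check nonce for all Email Log requests.
 *
 * Hooks into `admin_init`, verifies the nonce that belongs to the requested
 * Email Log action and, only when verification succeeds, fires the `el_action`
 * hook followed by a hook named after the action itself.
 *
 * @since 2.0.0
 */
class NonceChecker implements Loadie {

	/**
	 * Setup hooks.
	 *
	 * @inheritdoc
	 */
	public function load() {
		add_action( 'admin_init', array( $this, 'check_nonce' ) );
	}

	/**
	 * Check nonce for all Email Log Requests.
	 * All Email Log Requests will have the `el_` prefix and
	 * nonce would be available at `el_{action_name}_nonce`.
	 *
	 * Bulk Action keys.
	 * action => Bulk actions from the top dropdown.
	 * action2 => Bulk actions from the bottom dropdown.
	 *
	 * Every failure path returns silently, so no hook is fired for a request
	 * whose nonce is missing or invalid.
	 *
	 * NOTE(review): a nonce only ties the request to a user session and an
	 * action string; it is not an authorization check. This method performs no
	 * capability check, so handlers hooked to `el_action` or to the action name
	 * are presumably expected to call `current_user_can()` themselves. Confirm
	 * against the handlers.
	 *
	 * NOTE(review): the `el_` prefix documented above is not enforced for the
	 * `el-action` field. The hook name fired at the end is whatever string the
	 * request supplies, gated only by a nonce that is valid for that same string.
	 * Consider restricting it to a known prefix or an allow-list once the set of
	 * legitimate action names has been confirmed.
	 */
	public function check_nonce() {
		$has_el_action   = isset( $_POST['el-action'] );
		$has_bulk_action = isset( $_REQUEST['action'] ) || isset( $_REQUEST['action2'] );

		if ( ! $has_el_action && ! $has_bulk_action ) {
			return;
		}

		// Initialised explicitly so the value is defined on every path that
		// reaches the hooks at the end of this method.
		$action = '';

		if ( $has_el_action ) {
			$action = sanitize_text_field( $_POST['el-action'] );

			// sanitize_text_field() yields '' for array input; an empty action
			// must never be turned into a hook name.
			if ( '' === $action ) {
				return;
			}

			if ( ! $this->has_valid_nonce( $_POST, $action . '_nonce', $action ) ) {
				return;
			}
		}

		if ( $has_bulk_action ) {
			// A bulk action replaces any `el-action` value read above and must
			// pass its own nonce check before anything is fired.
			$action = $this->get_bulk_action();

			if ( strpos( $action, 'el-log-list-' ) === 0 ) {
				$nonce_field  = LogListPage::LOG_LIST_ACTION_NONCE_FIELD;
				$nonce_action = LogListPage::LOG_LIST_ACTION_NONCE;
			} elseif ( strpos( $action, 'el-cron-' ) === 0 ) {
				$nonce_field  = $action . '-nonce-field';
				$nonce_action = $action . '-nonce';
			} else {
				// Not an Email Log bulk action: leave the request alone.
				return;
			}

			if ( ! $this->has_valid_nonce( $_REQUEST, $nonce_field, $nonce_action ) ) {
				return;
			}
		}

		/**
		 * Perform `el` action.
		 * Nonce check has already happened at this point.
		 *
		 * The request data is passed through as received; handlers must
		 * sanitize whatever they read from it.
		 *
		 * @since 2.0.0
		 *
		 * @param string $action   Action name.
		 * @param array  $_REQUEST Request data.
		 */
		do_action( 'el_action', $action, $_REQUEST );

		/**
		 * Perform `el` action.
		 * Nonce check has already happened at this point.
		 *
		 * @since 2.0.0
		 *
		 * @param array $_REQUEST Request data.
		 */
		do_action( $action, $_REQUEST );
	}

	/**
	 * Read the requested bulk action from the top or the bottom dropdown.
	 *
	 * `action` wins unless it is missing or carries the `-1` placeholder, in
	 * which case `action2` is used. Reading `action` only when it is set avoids
	 * the undefined-index notice raised when a request carries `action2` alone.
	 *
	 * @return string Sanitized action name, or an empty string when neither
	 *                dropdown carries one.
	 */
	private function get_bulk_action() {
		$action = isset( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : '-1';

		if ( '-1' !== $action ) {
			return $action;
		}

		return isset( $_REQUEST['action2'] ) ? sanitize_text_field( $_REQUEST['action2'] ) : '';
	}

	/**
	 * Verify the nonce stored in one field of the request.
	 *
	 * A missing or non-string field counts as a failed check, so array input
	 * never reaches `wp_verify_nonce()`.
	 *
	 * @param array  $request      Request data to read the nonce from.
	 * @param string $field        Name of the field holding the nonce.
	 * @param string $nonce_action Action the nonce must have been created for.
	 *
	 * @return bool True when the field holds a valid nonce for the action.
	 */
	private function has_valid_nonce( $request, $field, $nonce_action ) {
		if ( ! isset( $request[ $field ] ) || ! is_string( $request[ $field ] ) ) {
			return false;
		}

		$nonce = sanitize_text_field( wp_unslash( $request[ $field ] ) );

		return (bool) wp_verify_nonce( $nonce, $nonce_action );
	}
}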