Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Re-Enable nonce check within rendercallback of dynamic block #24

Open
Tracked by #2
carstingaxion opened this issue Dec 20, 2023 · 0 comments
Open
Tracked by #2

Re-Enable nonce check within rendercallback of dynamic block #24

carstingaxion opened this issue Dec 20, 2023 · 0 comments
Labels
bug Something isn't working security Issues that have security implications

Comments

@carstingaxion
Copy link
Member

// Check nonce for security.
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
if ( //( \defined( 'DOING_AJAX' ) && \DOING_AJAX ) 
// && false !== \check_ajax_referer( 'update-post_' . $block->context['postId'], '_wpnonce' )
//&& 
// isset( $_REQUEST['_wpnonce'] ) && wp_verify_nonce( $_REQUEST['_wpnonce'], 'wpdocs-my-nonce' )
isset( $_GET['metaFieldValue'] )
&& ! empty( $_GET['metaFieldValue'] )
&& \is_string( $_GET['metaFieldValue'] )
) {
	$meta_field_value = sanitize_text_field( wp_unslash( $_GET['metaFieldValue'] ) );
}

// Check nonce for security.
if (
// ( \defined( 'DOING_AJAX' ) && \DOING_AJAX )
// && false !== \check_ajax_referer( 'update-post_' . $block->context['postId'], '_wpnonce' )
// &&
isset( $_GET['metaFieldValue'] )
&& ! empty( $_GET['metaFieldValue'] )
&& \is_string( $_GET['metaFieldValue'] )
) {
$meta_field_value = sanitize_text_field( wp_unslash( $_GET['metaFieldValue'] ) );
}
// Using the '$_GET['metaFieldValue']' helps the <ServerSideRenderer>

@carstingaxion carstingaxion added bug Something isn't working security Issues that have security implications labels Dec 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working security Issues that have security implications
Projects
Status: No status
Development

No branches or pull requests

1 participant