| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | if (!wp_verify_nonce($nonce, $action)) { |
|---|
| | | error_log('[PermissionHandler] Validating nonce....'); |
|---|
| | | error_log('Nonce: '.print_r($nonce, true)); |
|---|
| | | error_log('Action: '.print_r($action, true)); |
|---|
| | | return new WP_Error( |
|---|
| | | 'invalid_nonce', |
|---|
| | | 'Invalid or expired security token', |
|---|
| | |
|---|
| | | /** |
|---|
| | | * Verify action-specific nonce (e.g., 'dash-{user_id}') |
|---|
| | | */ |
|---|
| | | public static function verifyActionNonce(WP_REST_Request $request, string $actionPrefix, string $header = 'action_nonce'): bool|WP_Error |
|---|
| | | public static function verifyActionNonce(WP_REST_Request $request, string $actionPrefix, string $header = 'X-Action-Nonce'): bool|WP_Error |
|---|
| | | { |
|---|
| | | $userId = $request->get_param('user') ?: get_current_user_id(); |
|---|
| | | $userId = absint($request->get_param('user')); |
|---|
| | | if ($userId === 0) { |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $action = $actionPrefix . $userId; |
|---|
| | | |
|---|
| | | return self::verifyNonce($request, $action, $header); |
|---|
