Commit af70ab29 authored by KR Moorhouse's avatar KR Moorhouse Committed by GitHub

Revert "create unique nonce values for each form render"

parent b9c7ffd6
......@@ -113,7 +113,6 @@ define([], function() {
var data = {
'action': 'nf_ajax_submit',
'security': nfFrontEnd.ajaxNonce,
'nonce_ts': nfFrontEnd.nonce_ts,
'formData': formData
}
......
......@@ -50,15 +50,13 @@ jQuery( document ).ready( function( $ ) {
var NinjaForms = Marionette.Application.extend({
forms: {},
initialize: function( options ) {
var that = this;
Marionette.Renderer.render = function(template, data){
var template = that.template( template );
return template( data );
};
// generate new, unique nonce
this.getNonce();
// Underscore one-liner for getting URL Parameters
this.urlParameters = _.object(_.compact(_.map(location.search.slice(1).split('&'), function(item) { if (item) return item.split('='); })));
......@@ -128,43 +126,6 @@ jQuery( document ).ready( function( $ ) {
}
},
/**
* This function retrieves a new, unique nonce so that we avoid
* giving the user a nonce that could possibly expire before
* they finish filling out the form.
* @since 3.2
*/
getNonce: function() {
var data = {
'action': 'nf_ajax_get_new_nonce',
};
jQuery.ajax({
url: nfFrontEnd.adminAjax,
type: 'POST',
data: data,
cache: false,
success: function( data, textStatus, jqXHR ) {
try {
data = JSON.parse( data );
var response = data.data;
// set the new nonce value
nfFrontEnd.ajaxNonce = response.new_nonce;
// set the nonce timestamp so that we can check it
nfFrontEnd.nonce_ts = response.nonce_ts;
} catch( e ) {
console.log( 'Parse Error' );
}
},
error: function( jqXHR, textStatus, errorThrown ) {
// Handle errors here
console.log('ERRORS: ' + textStatus);
}
});
},
template: function( template ) {
return _.template( $( template ).html(), {
evaluate: /<#([\s\S]+?)#>/g,
......
......@@ -8,7 +8,6 @@ class NF_AJAX_Controllers_Form extends NF_Abstracts_Controller
{
add_action( 'plugins_loaded', array( $this, 'plugins_loaded' ) );
add_action( 'wp_ajax_nf_ajax_get_new_nonce', array( $this, 'get_new_nonce' ) );
add_action( 'wp_ajax_nf_save_form', array( $this, 'save' ) );
add_action( 'wp_ajax_nf_delete_form', array( $this, 'delete' ) );
}
......@@ -139,23 +138,4 @@ class NF_AJAX_Controllers_Form extends NF_Abstracts_Controller
$this->_respond();
}
/**
* Let's generate a unique nonce for each form render so that we don't get
* caught with an expiring nonce accidentally and fail to allow a submission
* @since 3.2
*/
public function get_new_nonce() {
// get a timestamp to append to nonce name
$current_time_stamp = time();
// Let's generate a unique nonce
$new_nonce_name = 'ninja_forms_display_nonce_' . $current_time_stamp;
$res = array(
'new_nonce' => wp_create_nonce( $new_nonce_name ),
'nonce_ts' => $current_time_stamp );
$this->_respond( $res );
}
}
......@@ -34,15 +34,7 @@ class NF_AJAX_Controllers_Submission extends NF_Abstracts_Controller
public function submit()
{
$nonce_name = 'ninja_forms_display_nonce';
/**
* We've got to get the 'nonce_ts' to append to the nonce name to get
* the unique nonce we created
* */
if( isset( $_REQUEST[ 'nonce_ts' ] ) && 0 < strlen( $_REQUEST[ 'nonce_ts' ] ) ) {
$nonce_name = $nonce_name . "_" . $_REQUEST[ 'nonce_ts' ];
}
check_ajax_referer( $nonce_name, 'security' );
check_ajax_referer( 'ninja_forms_display_nonce', 'security' );
register_shutdown_function( array( $this, 'shutdown' ) );
......
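Review bot: The restored `check_ajax_referer( 'ninja_forms_display_nonce', 'security' )` ties submission to the single nonce minted at page render, so a form submitted after that nonce's WordPress lifetime has lapsed (or from a page served stale by a full-page cache) is rejected here — the failure mode the reverted commit was working around, now back without a comment explaining it. With the default `$die` argument, `check_ajax_referer()` ends the request on a bad nonce instead of returning through `$this->_respond()`, so the front end never receives the JSON its success handler parses; I would record that above the call, e.g. `// Nonce is minted at render time in NF_Display_Render; on mismatch or expiry check_ajax_referer() dies and no JSON response is sent.` The `submit()` body continues past the end of the hunk.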
......@@ -575,6 +575,7 @@ final class NF_Display_Render
wp_localize_script( 'nf-front-end', 'nfi18n', Ninja_Forms::config( 'i18nFrontEnd' ) );
$data = apply_filters( 'ninja_forms_render_localize_script_data', array(
'ajaxNonce' => wp_create_nonce( 'ninja_forms_display_nonce' ),
'adminAjax' => admin_url( 'admin-ajax.php' ),
'requireBaseUrl' => Ninja_Forms::$url . 'assets/js/',
'use_merge_tags' => array(),
......
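Review bot: `'ajaxNonce' => wp_create_nonce( 'ninja_forms_display_nonce' )` is exposed to every visitor through the localized script, and for visitors who are not logged in WordPress derives the nonce from user ID 0 with no session token, so the value is shared by all anonymous visitors within a tick (unless a plugin filters `nonce_user_logged_out`); it is a freshness check, not a per-visitor CSRF secret, and nothing in the submission controller should be read as relying on it for more. Because the array goes through `apply_filters( 'ninja_forms_render_localize_script_data', ... )`, a filter can also replace or drop `ajaxNonce` before it reaches the page. I would add above the line: `// Render-time nonce verified by NF_AJAX_Controllers_Submission::submit(); for logged-out visitors it is shared, not per-visitor.` The enclosing method starts and ends outside the hunk.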