Skip to content
Permalink
Browse files

Added nonce to delete feature

  • Loading branch information...
MJGrant committed Jun 13, 2019
1 parent 56823a7 commit 0ee8a8a59cf32c5fe2b563ce5912a7cc193bc69e
Showing with 12 additions and 7 deletions.
  1. +9 −4 amazin-product-box/amazin-product-box.php
  2. +3 −3 amazin-product-box/scripts.js
@@ -16,7 +16,7 @@
add_action( 'wp_ajax_amazin_delete_post', 'amazin_delete_post' );
$jsurl = plugin_dir_url(__FILE__) . 'scripts.js';
wp_enqueue_script('scripts', $jsurl, array('jquery'), 1.21);
wp_enqueue_script('scripts', $jsurl, array('jquery'), 1.31);
wp_localize_script('scripts', 'MyAjax', array('ajaxurl' => admin_url('admin-ajax.php') ) );
} else {
// non-admin enqueues, actions, and filters
@@ -113,7 +113,7 @@ function amazin_render_table() {
<td><?php echo get_the_title($id); ?></td>
<td><?php echo get_the_author_meta( 'display_name', $productBox->post_author ); ?></td>
<td><?php echo get_the_modified_time('M d, Y h:i:s A', $id ); ?></td>
<td><input type="button" id="<?php echo $id; ?>" class="edit-button" value="Edit"/> <input type="button" id="<?php echo $id; ?>" class="delete-button" value="Delete"/></td>
<td><input type="button" id="<?php echo $id; ?>" class="edit-button" value="Edit"/> <input type="button" id="<?php echo $id; ?>" class="delete-button" nonce="<?php echo wp_create_nonce('amazin_delete_post_nonce') ?>" value="Delete"/></td>
</tr>
<?php endforeach; wp_reset_postdata(); ?>
<?php endif; ?>
@@ -177,8 +177,13 @@ function post_new_product_box() {
}
function amazin_delete_post( ) {
wp_delete_post($_REQUEST['id']);
echo 'success';
$permission = wp_verify_nonce( $_POST['nonce'], 'amazin_delete_post_nonce' );
if ( $permission == false ) {
echo 'error';
} else {
wp_delete_post($_REQUEST['id']);
echo 'success';
}
die();
}
?>
@@ -1,23 +1,23 @@
jQuery ( document ).ready ( function ( $ ) {
'use strict';
$ ( '#admin-table').on( 'click', '.delete-button', function(e) {
console.log("Gonna delete a product box with ID:", e.target.id);
var id = e.target.id;
var tableRow = "#row-"+id;
var nonce = e.target.nonce;

$.ajax({
type: 'post',
url: MyAjax.ajaxurl,
data: {
action: 'amazin_delete_post',
nonce: nonce,
id: id
},
success: function ( result ) {
if ( result === 'success' ) {
$ ( tableRow ).fadeOut( function() {
tableRow.remove();
$ ( tableRow ).remove();
});
console.log("successfully removed post");
}
}
});

0 comments on commit 0ee8a8a

Please sign in to comment.
You can’t perform that action at this time.