Switching to check_ajax_referer for nonce verification.

WordPress · Apr 20, 2020 · bbc30fd · bbc30fd
1 parent 9b352f1
commit bbc30fd
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 26 deletions.
diff --git a/functions.php b/functions.php
@@ -1345,23 +1345,15 @@ function wp_autoupdates_themes_bulk_actions_handle( $redirect_to, $doaction, $it
  * Disable auto updates via Ajax.
  */
 function wp_autoupdates_disable_auto_updates() {
-	$nonce = sanitize_text_field( $_POST['nonce'] );
 	$type  = sanitize_text_field( $_POST['type'] );
 	$asset = sanitize_text_field( urldecode( $_POST['asset'] ) );
-	if ( ! wp_verify_nonce(
-		$nonce,
+	check_ajax_referer(
 		sprintf(
 			'autoupdate-%s_%s',
 			$type,
 			$asset
 		)
-	) ) {
-		wp_send_json_error(
-			array(
-				'error' => __( 'Nonce verification failed.', 'wp-autoupdate' ),
-			)
-		);
-	}
+	);
 
 	// Capability check.
 	if ( 'plugin' === $type ) {
@@ -1480,23 +1472,15 @@ function wp_autoupdates_disable_auto_updates() {
  * Enable auto updates via Ajax.
  */
 function wp_autoupdates_enable_auto_updates() {
-	$nonce = sanitize_text_field( $_POST['nonce'] );
 	$type  = sanitize_text_field( $_POST['type'] );
 	$asset = sanitize_text_field( urldecode( $_POST['asset'] ) );
-	if ( ! wp_verify_nonce(
-		$nonce,
+	check_ajax_referer(
 		sprintf(
 			'autoupdate-%s_%s',
 			$type,
 			$asset
 		)
-	) ) {
-		wp_send_json_error(
-			array(
-				'error' => __( 'Nonce verification failed.', 'wp-autoupdate' ),
-			)
-		);
-	}
+	);
 
 	// Capability check.
 	if ( 'plugin' === $type ) {

diff --git a/js/wp-autoupdates.js b/js/wp-autoupdates.js
@@ -14,7 +14,7 @@ jQuery(function ($) {
 			ajaxurl,
 			{
 				action: 'disable_auto_updates',
-				nonce: href._wpnonce,
+				_ajax_nonce: href._wpnonce,
 				type: 'plugin',
 				asset: href.plugin
 			},
@@ -50,7 +50,7 @@ jQuery(function ($) {
 			ajaxurl,
 			{
 				action: 'enable_auto_updates',
-				nonce: href._wpnonce,
+				_ajax_nonce: href._wpnonce,
 				type: 'plugin',
 				asset: href.plugin
 			},
@@ -86,7 +86,7 @@ jQuery(function ($) {
 			ajaxurl,
 			{
 				action: 'disable_auto_updates',
-				nonce: href._wpnonce,
+				_ajax_nonce: href._wpnonce,
 				type: 'theme',
 				asset: href.theme
 			},
@@ -122,7 +122,7 @@ jQuery(function ($) {
 			ajaxurl,
 			{
 				action: 'enable_auto_updates',
-				nonce: href._wpnonce,
+				_ajax_nonce: href._wpnonce,
 				type: 'theme',
 				asset: href.theme
 			},
@@ -158,7 +158,7 @@ jQuery(function ($) {
 			ajaxurl,
 			{
 				action: 'disable_auto_updates',
-				nonce: href._wpnonce,
+				_ajax_nonce: href._wpnonce,
 				type: 'theme',
 				asset: href.theme
 			},
@@ -192,7 +192,7 @@ jQuery(function ($) {
 			ajaxurl,
 			{
 				action: 'enable_auto_updates',
-				nonce: href._wpnonce,
+				_ajax_nonce: href._wpnonce,
 				type: 'theme',
 				asset: href.theme
 			},