Merge branch 'release/2.0.12'

Author: nurul-umbhiya

assets/js/admin.js

@@ -98,6 +98,9 @@
         loader.show();
         var remote_message = $( '#wcct_remote_notice' );
         wp.ajax.send( 'activate_happy_addons', {
+            data: {
+                _wpnonce: wc_tracking.nonce,
+            },
             success: function( response ) {
                 $('.wcct-notice-wrap').hide();
                 loader.hide();
@@ -114,6 +117,9 @@
     // Dismiss notice
     $('.wcct-notice-wrap').on( 'click', function() {
         wp.ajax.send( 'wcct_dismissable_notice', {
+            data: {
+                _wpnonce: wc_tracking.nonce,
+            },
             success: function( response ) {
                 console.log( 'Success' );
             }

assets/js/admin.min.js

@@ -13,7 +13,7 @@
     "require": {
         "php": ">=7.0",
         "composer/installers": "^1.9",
-        "appsero/client": "dev-develop"
+        "appsero/client": "^2.0"
     },
 
     "require-dev": {

composer.json

@@ -3,12 +3,12 @@
 Plugin Name: WooCommerce Conversion Tracking
 Plugin URI: https://wedevs.com/woocommerce-conversion-tracking/
 Description: Adds various conversion tracking codes to cart, checkout, registration success and product page on WooCommerce
-Version: 2.0.11
+Version: 2.0.12
 Author: weDevs
 Author URI: https://wedevs.com/?utm_source=ORG_Author_URI_WCCT
 License: GPL2
 WC requires at least: 5.0.0
-WC tested up to: 8.1.0
+WC tested up to: 8.5.1
 */
 
 /**
@@ -54,7 +54,7 @@ class WeDevs_WC_Conversion_Tracking {
      *
      * @var string
      */
-    public $version = '2.0.11';
+    public $version = '2.0.12';
 
     /**
      * Holds various class instances
@@ -266,6 +266,7 @@ public function init_tracker() {
 	public function add_hpos_support() {
 		if ( class_exists( \Automattic\WooCommerce\Utilities\FeaturesUtil::class ) ) {
 			\Automattic\WooCommerce\Utilities\FeaturesUtil::declare_compatibility( 'custom_order_tables', __FILE__, true );
+            \Automattic\WooCommerce\Utilities\FeaturesUtil::declare_compatibility( 'cart_checkout_blocks', __FILE__, true );
 		}
 	}
 

composer.lock

@@ -33,6 +33,7 @@ public function enqueue_scripts() {
         wp_localize_script(
             'wcct-admin', 'wc_tracking', array(
                 'ajaxurl' => admin_url( 'admin-ajax.php' ),
+                'nonce'   => wp_create_nonce( 'wcct-settings' ),
             )
         );
     }

conversion-tracking.php

@@ -21,21 +21,23 @@ public function __construct() {
      * @return void
      */
     public function wcct_save_settings() {
-        if ( ! current_user_can( wcct_manage_cap() ) ) {
+        if ( ! current_user_can( 'manage_options' ) ) {
             return;
         }
-        $nonce = isset( $_REQUEST['_wpnonce'] ) ? sanitize_key( wp_unslash( $_REQUEST['_wpnonce'] ) ) : '';
 
-        if ( ! wp_verify_nonce( $nonce, 'wcct-settings' ) ) {
-            die( 'wcct-settings !' );
+        if ( ! isset( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'wcct-settings' ) ) {
+            wp_send_json_error(
+                [
+                    'message' => __( 'nonce verification failed', 'woocommerce-conversion-tracking' )
+                ]
+            );
         }
 
         if ( ! isset( $_POST['settings'] ) ) {
             wp_send_json_error();
         }
 
         $integration_settings = array();
-        // $post_data = isset( $_POST['settings'] ) ? array_map( 'sanitize_text_field', wp_unslash( $_POST['settings'] ) ) : [];
 
         if ( ! empty( $_POST['settings'] ) ) {
 
@@ -61,6 +63,21 @@ public function wcct_save_settings() {
      * @return json
      */
     public function wcct_install_happy_addons() {
+        if ( ! current_user_can( 'manage_options' ) ) {
+            wp_send_json_error(
+                [
+                    'message' => __( 'You do not have permission to install Happy Addons', 'woocommerce-conversion-tracking' )
+                ]
+            );
+        }
+
+        if ( ! isset( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'wcct-settings' ) ) {
+            wp_send_json_error(
+                [
+                    'message' => __( 'nonce verification failed', 'woocommerce-conversion-tracking' )
+                ]
+            );
+        }
 
         include_once ABSPATH . 'wp-admin/includes/plugin-install.php';
         include_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
@@ -108,7 +125,19 @@ public function wcct_install_happy_addons() {
      */
     public function wcct_dismissable_notice() {
         if ( ! current_user_can( 'manage_options' ) ) {
-            return;
+            wp_send_json_error(
+                [
+                    'message' => __( 'You do not have permission to install Happy Addons', 'woocommerce-conversion-tracking' )
+                ]
+            );
+        }
+
+        if ( ! isset( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'wcct-settings' ) ) {
+            wp_send_json_error(
+                [
+                    'message' => __( 'nonce verification failed', 'woocommerce-conversion-tracking' )
+                ]
+            );
         }
 
         update_option( 'wcct_dismissable_notice', 'closed' );

includes/class-admin.php

@@ -1,14 +1,14 @@
-# Copyright (C) 2023 weDevs
+# Copyright (C) 2024 weDevs
 # This file is distributed under the GPL2.
 msgid ""
 msgstr ""
 "Project-Id-Version: WooCommerce Conversion Tracking 2.0.11\n"
 "Report-Msgid-Bugs-To: https://example.com\n"
-"POT-Creation-Date: 2023-09-15 11:33:43+00:00\n"
+"POT-Creation-Date: 2024-01-16 10:36:36+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"PO-Revision-Date: 2023-MO-DA HO:MI+ZONE\n"
+"PO-Revision-Date: 2024-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <EMAIL@ADDRESS>\n"
 "X-Generator: grunt-wp-i18n 0.5.4\n"
@@ -37,23 +37,32 @@ msgid ""
 "Addons for Elementor to shape your dream.</strong> 😊"
 msgstr ""
 
-#: includes/class-admin.php:49
+#: includes/class-admin.php:50
 msgid "Conversion Tracking"
 msgstr ""
 
-#: includes/class-admin.php:73
+#: includes/class-admin.php:74
 msgid "Integrations"
 msgstr ""
 
-#: includes/class-ajax.php:54
+#: includes/class-ajax.php:31 includes/class-ajax.php:77
+#: includes/class-ajax.php:138
+msgid "nonce verification failed"
+msgstr ""
+
+#: includes/class-ajax.php:56
 msgid "Settings has been saved successfully!"
 msgstr ""
 
-#: includes/class-ajax.php:75
+#: includes/class-ajax.php:69 includes/class-ajax.php:130
+msgid "You do not have permission to install Happy Addons"
+msgstr ""
+
+#: includes/class-ajax.php:92
 msgid "ERROR: Error fetching plugin information: %s"
 msgstr ""
 
-#: includes/class-ajax.php:100
+#: includes/class-ajax.php:117
 msgid "Successfully installed and activate,"
 msgstr ""
 

includes/class-ajax.php

@@ -1,6 +1,6 @@
 {
   "name": "Woocommerce-Conversion-Tracking",
-  "version": "2.0.11",
+  "version": "2.0.12",
   "description": "Conversion tracking plugin for WooCommerce",
   "author": "Tareq Hasan",
   "license": "GPL",