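/**
 * AJAX action to download an invoice.
 *
 * Reads `action`, `order_id` and `nonce` from the query string, verifies the
 * nonce against the supplied action and — mirroring invoice_actions() — only
 * serves the PDF to shop staff (administrator / shop_manager) or to the
 * logged-in customer the order belongs to. Any failed check ends the request
 * with wp_die(); a request without the three parameters is ignored.
 *
 * @return void
 */
public function bewpi_download_invoice() {
    if ( ! isset( $_GET['action'], $_GET['order_id'], $_GET['nonce'] ) ) {
        return;
    }

    $action   = $_GET['action'];
    $order_id = $_GET['order_id'];
    // Read the nonce from the same superglobal the isset() check above looked at.
    $nonce    = $_GET['nonce'];

    // NOTE(review): the nonce action name comes from the request itself, so a
    // nonce issued for that same action string is accepted here; the generating
    // side is not visible in this file — confirm it binds a fixed action.
    if ( ! wp_verify_nonce( $nonce, $action ) ) {
        wp_die( __( 'Invalid request', 'woocommerce-pdf-invoices' ) );
    }

    // The order ID is used as a post ID below, so it must be a non-empty number.
    if ( empty( $order_id ) || ! is_numeric( $order_id ) ) {
        wp_die( __( 'Invalid order ID', 'woocommerce-pdf-invoices' ) );
    }

    // Authorization: a valid nonce only proves the link was generated by this
    // site, not that the caller may see this particular order. Apply the same
    // owner-or-staff rule invoice_actions() uses.
    $user             = wp_get_current_user();
    $allowed_roles    = array( 'administrator', 'shop_manager' );
    // Post meta is returned as a string ('' when absent); cast for a strict compare.
    $customer_user_id = (int) get_post_meta( $order_id, '_customer_user', true );
    $is_staff         = (bool) array_intersect( $allowed_roles, (array) $user->roles );
    // Visitors have ID 0, so require a real login before the ownership test.
    $is_owner         = $user->ID > 0 && $user->ID === $customer_user_id;

    if ( ! $is_staff && ! $is_owner ) {
        wp_die( __( 'Access denied', 'woocommerce-pdf-invoices' ) );
    }

    $invoice = new BEWPI_Invoice( $order_id );
    $invoice->view();
}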
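/**
 * Callback to sniff for specific plugin actions to view, create or delete an invoice.
 *
 * Expects `bewpi_action`, a numeric `post` (the order ID) and `nonce` in the
 * query string; requests missing any of them are ignored. The nonce is
 * verified, the order ID validated, and the caller must be shop staff
 * (administrator / shop_manager) or the logged-in customer who owns the
 * order. Recognised actions: "view" streams the PDF, "cancel" deletes it,
 * "create" saves it to disk ("F"). Unknown actions do nothing.
 *
 * @return void
 */
private function invoice_actions() {
    if ( ! isset( $_GET['bewpi_action'], $_GET['post'], $_GET['nonce'] ) || ! is_numeric( $_GET['post'] ) ) {
        return;
    }

    $action   = $_GET['bewpi_action'];
    $order_id = $_GET['post'];
    // Read the nonce from the same superglobal the isset() check above looked at.
    $nonce    = $_GET['nonce'];

    // NOTE(review): the nonce is verified against the action string supplied by
    // the request; the generating side is not visible in this file — confirm it
    // binds a fixed action name.
    if ( ! wp_verify_nonce( $nonce, $action ) ) {
        wp_die( __( 'Invalid request', 'woocommerce-pdf-invoices' ) );
    }

    if ( empty( $order_id ) ) {
        wp_die( __( 'Invalid order ID', 'woocommerce-pdf-invoices' ) );
    }

    $user             = wp_get_current_user();
    $allowed_roles    = array( 'administrator', 'shop_manager' );
    // Post meta is returned as a string ('' when absent); cast so the ownership
    // comparison below can be strict instead of the previous loose `!=`.
    $customer_user_id = (int) get_post_meta( $order_id, '_customer_user', true );
    $is_staff         = (bool) array_intersect( $allowed_roles, (array) $user->roles );
    // Require a real login: get_current_user_id() is 0 for visitors, and an order
    // with no customer attached (presumably guest checkout) also reads as 0, so the
    // old loose comparison could treat the two as the same "owner".
    $is_owner         = $user->ID > 0 && $user->ID === $customer_user_id;

    if ( ! $is_staff && ! $is_owner ) {
        wp_die( __( 'Access denied', 'woocommerce-pdf-invoices' ) );
    }

    $invoice = new BEWPI_Invoice( $order_id );
    // Dispatch on the already-read $action rather than re-reading $_GET.
    switch ( $action ) {
        case 'view':
            $invoice->view();
            break;
        case 'cancel':
            $invoice->delete();
            break;
        case 'create':
            $invoice->save( 'F' );
            break;
        default:
            // Unknown action: nothing to do, same as the original fall-through.
            break;
    }
}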