Пример #1
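/**
 * Verify nonce of an AJAX request
 *
 * The nonce is looked up in the request under 'nonce' first and '_wpnonce'
 * second, and is checked against the action string 'wpsc_ajax_' . $ajax_action.
 *
 * A WordPress nonce is a CSRF token, not an authorization check: a valid nonce
 * only shows the request was built from a page rendered for this user session.
 * NOTE(review): callers are expected to perform their own capability check
 * (e.g. current_user_can()); none is done here. Confirm at each call site.
 *
 * @since  3.8.9
 * @access private
 *
 * @uses WP_Error           WordPress Error Class
 * @uses wp_verify_nonce()    Verify that correct nonce was used with time limit.
 *
 * @param string $ajax_action Name of AJAX action
 * @return WP_Error|boolean True if nonce is valid. WP_Error if otherwise.
 */
function _wpsc_ajax_verify_nonce($ajax_action)
{
    // The nonce can be passed as 'nonce' or '_wpnonce'; 'nonce' wins when both are present.
    if (isset($_REQUEST['nonce'])) {
        $nonce = $_REQUEST['nonce'];
    } elseif (isset($_REQUEST['_wpnonce'])) {
        $nonce = $_REQUEST['_wpnonce'];
    } else {
        return _wpsc_error_invalid_nonce();
    }

    // Request fields may arrive as arrays (e.g. nonce[]=x). Reject anything that
    // is not a plain string instead of letting it be cast during verification.
    if (!is_string($nonce)) {
        return _wpsc_error_invalid_nonce();
    }

    // Validate the nonce against the per-action string.
    if (!wp_verify_nonce($nonce, 'wpsc_ajax_' . $ajax_action)) {
        return _wpsc_error_invalid_nonce();
    }

    return true;
}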
Пример #2
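/**
 * Do purchase log action link via AJAX
 *
 * Reads 'log_id', 'purchase_log_action_link' and 'purchase_log_action_nonce'
 * from $_POST, verifies the nonce for the requested action, and hands the
 * request to the 'wpsc_purchase_log_action_ajax-{action}' filter.
 *
 * Security notes:
 * - The nonce action is built from the action key only, not from the log ID,
 *   so a nonce issued for one purchase log is accepted for any log ID.
 * - A nonce guards against CSRF; it does not authorize the user.
 *   NOTE(review): no capability check is visible in this function. Confirm
 *   that the AJAX dispatcher or the filter callbacks call current_user_can()
 *   before acting on the log.
 *
 * @since   3.9.0
 * @access  private
 *
 * @return  array|WP_Error  $return  Response args if successful, WP_Error if otherwise
 */
function _wpsc_ajax_purchase_log_action_link()
{
    // All three fields are required; anything less is a malformed request.
    if (!isset($_POST['log_id'], $_POST['purchase_log_action_link'], $_POST['purchase_log_action_nonce'])) {
        return new WP_Error('wpsc_ajax_invalid_purchase_log_action', __('Purchase log action failed.', 'wpsc'));
    }

    $log_id = absint($_POST['log_id']);
    $purchase_log_action_link = sanitize_key($_POST['purchase_log_action_link']);
    $nonce = $_POST['purchase_log_action_nonce'];

    // Verify action nonce. POST fields may arrive as arrays, so only a plain
    // string is passed on to wp_verify_nonce().
    if (is_string($nonce) && wp_verify_nonce($nonce, 'wpsc_purchase_log_action_ajax_' . $purchase_log_action_link)) {
        // Expected to receive success = true by default, or false on error.
        $return = apply_filters('wpsc_purchase_log_action_ajax-' . $purchase_log_action_link, array('success' => null), $log_id);
    } else {
        $return = _wpsc_error_invalid_nonce();
    }

    if (!is_wp_error($return)) {
        // A filter callback may hand back something other than an array;
        // fall back to the default response shape so the writes below are safe.
        if (!is_array($return)) {
            $return = array('success' => null);
        }
        $return['log_id'] = $log_id;
        $return['purchase_log_action_link'] = $purchase_log_action_link;
        // Normalise to true/false, keeping null for "callback did not report a result".
        $return['success'] = isset($return['success']) ? (bool) $return['success'] : null;
    }

    return $return;
}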