Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3432651

Timestamp:

01/05/2026 10:51:21 AM (3 months ago)

Author:

alphanetbd

Message:

woocomerce guest checkout nonce verification fixed

Location:

alpha-sms

Files:

: 40 added
: 5 edited

tags/1.0.16 (added)
tags/1.0.16/LICENSE.txt (added)
tags/1.0.16/README.txt (added)
tags/1.0.16/admin (added)
tags/1.0.16/admin/class-alpha_sms-admin.php (added)
tags/1.0.16/admin/css (added)
tags/1.0.16/admin/css/alpha_sms-admin.css (added)
tags/1.0.16/admin/index.php (added)
tags/1.0.16/admin/js (added)
tags/1.0.16/admin/js/alpha_sms-admin.js (added)
tags/1.0.16/admin/partials (added)
tags/1.0.16/admin/partials/alpha_sms-admin-display_campaign.php (added)
tags/1.0.16/admin/partials/alpha_sms-admin-display_settings.php (added)
tags/1.0.16/alpha_sms.php (added)
tags/1.0.16/includes (added)
tags/1.0.16/includes/class-alpha_sms-activator.php (added)
tags/1.0.16/includes/class-alpha_sms-background.php (added)
tags/1.0.16/includes/class-alpha_sms-deactivator.php (added)
tags/1.0.16/includes/class-alpha_sms-i18n.php (added)
tags/1.0.16/includes/class-alpha_sms-loader.php (added)
tags/1.0.16/includes/class-alpha_sms.php (added)
tags/1.0.16/includes/index.php (added)
tags/1.0.16/includes/sms.class.php (added)
tags/1.0.16/index.php (added)
tags/1.0.16/languages (added)
tags/1.0.16/languages/alpha_sms.pot (added)
tags/1.0.16/public (added)
tags/1.0.16/public/class-alpha_sms-public.php (added)
tags/1.0.16/public/css (added)
tags/1.0.16/public/css/alpha_sms-public.css (added)
tags/1.0.16/public/css/otp-login-form.css (added)
tags/1.0.16/public/index.php (added)
tags/1.0.16/public/js (added)
tags/1.0.16/public/js/alpha_sms-public.js (added)
tags/1.0.16/public/js/otp-login-form.js (added)
tags/1.0.16/public/partials (added)
tags/1.0.16/public/partials/add-otp-checkout-form.php (added)
tags/1.0.16/public/partials/add-otp-on-login-form.php (added)
tags/1.0.16/public/partials/add-otp-on-wc-reg-form.php (added)
tags/1.0.16/uninstall.php (added)
trunk/README.txt (modified) (1 diff)
trunk/alpha_sms.php (modified) (2 diffs)
trunk/includes/class-alpha_sms.php (modified) (1 diff)
trunk/public/class-alpha_sms-public.php (modified) (2 diffs)
trunk/public/js/alpha_sms-public.js (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed

alpha-sms/trunk/README.txt

r3424529	r3432651
5	5	Tested up to: 6.9
6	6	Requires PHP: 5.6
7		Stable tag: 1.0.15
	7	Stable tag: 1.0.16
8	8	License: GPLv2 or later
9	9	License URI: http://www.gnu.org/licenses/gpl-2.0.html

alpha-sms/trunk/alpha_sms.php

-                      r3424529
+                      r3432651
  * Plugin URI:        https://sms.net.bd/plugins/wordpress
  * Description:       WP 2FA Login. SMS OTP Verification for Registration and Login forms, WooCommerce SMS Notification for your shop orders.
  * Version:           1.0.15
+ * Version:           1.0.16
  * Author:            Alpha Net
  * Author URI:        https://sms.net.bd/
 …
  * Rename this for your plugin and update it as you release new versions.
  */
 define('ALPHA_SMS_VERSION', '1.0.15');
+define('ALPHA_SMS_VERSION', '1.0.16');
 // plugin constants

alpha-sms/trunk/includes/class-alpha_sms.php

r3424529	r3432651
77	77	$this->version = ALPHA_SMS_VERSION;
78	78	} else {
79		$this->version = '1.0.15';
	79	$this->version = '1.0.16';
80	80	}
81	81	$this->plugin_name = 'alpha_sms';

alpha-sms/trunk/public/class-alpha_sms-public.php

-                      r3427389
+                      r3432651
+                [
                     'ajaxurl' => admin_url('admin-ajax.php'),
                     $this->plugin_name . '_checkout_nonce' => wp_create_nonce('woocommerce-process-checkout-nonce'),
+                    $this->plugin_name . '_checkout_nonce' => wp_create_nonce('alpha_sms_checkout_otp'),
                     'checkout_otp' => ! empty($this->options['otp_checkout']) ? 'yes' : 'no',
+                ]
 …
         // Guest checkout / other actions that rely on WooCommerce checkout nonce
         if ($action_type === 'wc_checkout') {
+            $wc_checkout_nonce = isset($_POST['woocommerce-process-checkout-nonce']) ? sanitize_text_field(wp_unslash($_POST['woocommerce-process-checkout-nonce'])) : '';
+            if (empty($wc_checkout_nonce) || ! wp_verify_nonce($wc_checkout_nonce, 'woocommerce-process-checkout-nonce')) {
+                $response = [
+                    'status'  => 403,
+                    'message' => __('Security Check failed. Please reload the page and try again.', 'alpha-sms'),
+                ];
+                echo wp_kses_post(json_encode($response));
+                wp_die();
+                exit;
+            }
+            check_ajax_referer('alpha_sms_checkout_otp', 'alpha_sms_checkout_nonce');
             $nonce_ok = true;
+        }

alpha-sms/trunk/public/js/alpha_sms-public.js

-                      r3424529
+                      r3432651
+   initializeCheckoutSubmitProxy();
+   if(alpha_sms_object.checkout_otp == 'yes'){
+      initializeCheckoutSubmitProxy();
+   }
    $(document.body).on('updated_checkout', initializeCheckoutSubmitProxy);
 });
 …
       .fail(() =>
          alert_wrapper.html(
             showError('Something went wrong. Please try again later')
+            showError('OTP verification request failed. Please try again later')
+         )
+      )
 …
       billing_phone: phone,
       action_type: checkout_form.find('#action_type').val(),
+      alpha_sms_checkout_nonce: alpha_sms_object.alpha_sms_checkout_nonce
    };
+   // include checkout nonce if present
+   const checkoutNonceField = checkout_form.find('input[name="woocommerce-process-checkout-nonce"]');
+   if (checkoutNonceField && checkoutNonceField.length) {
+      data['woocommerce-process-checkout-nonce'] = checkoutNonceField.val();
+   }
    $.post(

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory