Pixeldust Drupal Support Service

How to test nonce with AJAX – Plugin development

I built a plugin, but now on end, I am not sure whether my nonce integrated correctly, and I’m not sure how to test them.

Can anyone help me test it or let me know if the nonce is integrated correctly?

Here is one example from my code:

PHP:

public function __construct() {
    if ( ! is_admin() ) {
        add_action( 'wp_head', array( $this, 'pp_html_template' ) );
        add_action( 'init', array( $this, 'pp_html_process' ) );
    }

    add_action( 'wp_ajax_pp_html_process', array( $this, 'pp_html_process' ) );
}

public function pp_html_template() {
    ?>
    <form id="pp-form-submit" name="pp-form-submit" class="pp-form-submit" enctype="multipart/form-data">
        <?php wp_nonce_field( 'pp_publisher_save', 'pp_publisher_name' ); ?>
        <div class="pp-row">
            <label for="pp-title"><?php esc_attr_e( 'Title', 'post-publisher' ) ?></label>
            <input type="text" id="pp-title" name="pp_title" required>
        </div>
    
        <div class="pp-row">
            <label for="pp-content"><?php esc_attr_e( 'Content', 'post-publisher' ) ?></label>
            <textarea id="pp-content" name="pp_content" cols="30" rows="10" required></textarea>
        </div>
    
        <div class="pp-row">
            <label for="pp-featured-image"><?php esc_attr_e( 'Featured Image', 'post-publisher' ) ?></label>
            <input type="file" id="pp-featured-image" name="pp_featured_image" required>
        </div>
        <input type="hidden" name="action" value="pp_html_process"/>
        <div class="pp-row">
            <input type="submit" name="pp_submit" id="pp-submit">
        </div>
    
        <div class="pp-row">
            <div id="pp-response"></div>
            <div class="pp-posts-area"></div>
        </div>
    </form>
<?php }

public function pp_html_process() {
    if ( isset( $_POST['pp_submit'] ) ) {
        if ( ! isset( $_POST['pp_publisher_name'] ) || ! wp_verify_nonce( $_POST['pp_publisher_name'], 'pp_publisher_save' ) ) {
            esc_attr__( 'Sorry, this action is not allowed.', 'post-publisher' );
            exit;
        } else {
            $inc = new Pp_Includes();
            $inc->pp_post_data('pp_title', 'pp_content', 'pp_featured_image');

            global $current_user;

            $user_login   = $current_user->user_login;
            $user_id      = $current_user->ID;
            $post_title   = sanitize_text_field( $_POST[ 'pp_title' ] );
            $post_content = sanitize_textarea_field( $_POST[ 'pp_content' ] );

            $arg = array(
                'post_title'   => $post_title,
                'post_content' => $post_content,
                'post_author'  => $user_id,
                'post_type'    => 'post',
                'post_status'  => 'draft',
                'post_name'    => str_replace( ' ', '-', $post_title ),
            );

            $post_id = wp_insert_post( $arg, true );

            if ( ! function_exists( 'wp_generate_attachment_metadata' ) ) {
                require_once( ABSPATH . "wp-admin" . '/includes/image.php' );
                require_once( ABSPATH . "wp-admin" . '/includes/file.php' );
                require_once( ABSPATH . "wp-admin" . '/includes/media.php' );
            }

            $featured_image = media_handle_upload( 'pp_featured_image', $post_id );

            if ( is_wp_error( $featured_image ) ) {
                wp_die( $featured_image );
            }

            if ( $featured_image > 0 ) {
                update_post_meta( $post_id, '_thumbnail_id', $featured_image );
            }

            if ( wp_doing_ajax() ) {
                wp_die();
            }
        }
    }
}

Here is the localized script:

public function pp_enqueue_public_styles() {
    wp_enqueue_script( 'pp_public_ajax', plugins_url( '/assets/js/pp-public-ajax.js', __FILE__ ), array( 'jquery' ), null, true );
    wp_localize_script( 'pp_public_ajax', 'pp_public_ajax',
        array(
            'pp_ajaxurl'             => admin_url( 'admin-ajax.php' ),
            'pp_publisher_name'      => wp_create_nonce( 'pp_publisher_save' )
        )
    );
}

AJAX:

function ppAjaxSubmit() {
    var ppFormData = new FormData(this);

    ppFormData.append('pp_submit', 1);
    ppFormData.append('security', pp_public_ajax.pp_publisher_name)

    $.ajax({
        action: 'pp_featured_image',
        type: 'POST',
        url: pp_public_ajax.pp_ajaxurl,
        data: ppFormData,
        processData: false,
        contentType: false,
        success: function () {
            console.log(data);
        },
        error: function () {
            console.log(err)
        }
    });

    return false;
}

$('#pp-form-submit').submit(ppAjaxSubmit);

Any advice would be appreciated.

$299 Affordable Web Design WordPress

This article was republished from its original source.
Call Us: 1(800)730-2416

Pixeldust is a 20-year-old web development agency specializing in Drupal and WordPress and working with clients all over the country. With our best in class capabilities, we work with small businesses and fortune 500 companies alike. Give us a call at 1(800)730-2416 and let’s talk about your project.

Let's Talk About a Project

FREE Drupal SEO Audit

Test your site below to see which issues need to be fixed. We will fix them and optimize your Drupal site 100% for Google and Bing. (Allow 30-60 seconds to gather data.)

Powered by

How to test nonce with AJAX – Plugin development

On-Site Drupal SEO Master Setup

We make sure your site is 100% optimized (and stays that way) for the best SEO results.

With Pixeldust On-site (or On-page) SEO we make changes to your site’s structure and performance to make it easier for search engines to see and understand your site’s content. Search engines use algorithms to rank sites by degrees of relevance. Our on-site optimization ensures your site is configured to provide information in a way that meets Google and Bing standards for optimal indexing.

This service includes:

  • Pathauto install and configuration for SEO-friendly URLs.
  • Meta Tags install and configuration with dynamic tokens for meta titles and descriptions for all content types.
  • Install and fix all issues on the SEO checklist module.
  • Install and configure XML sitemap module and submit sitemaps.
  • Install and configure Google Analytics Module.
  • Install and configure Yoast.
  • Install and configure the Advanced Aggregation module to improve performance by minifying and merging CSS and JS.
  • Install and configure Schema.org Metatag.
  • Configure robots.txt.
  • Google Search Console setup snd configuration.
  • Find & Fix H1 tags.
  • Find and fix duplicate/missing meta descriptions.
  • Find and fix duplicate title tags.
  • Improve title, meta tags, and site descriptions.
  • Optimize images for better search engine optimization. Automate where possible.
  • Find and fix the missing alt and title tag for all images. Automate where possible.
  • The project takes 1 week to complete.
MASTER YOUR DRUPAL SEO
Pixeldust and Pantheon Drupal Development
256