Skip to content

Commit 3482984

Browse files
address code review feedback (WP-1007)
- route all TaxonomyLinksController responses through wordpressProxy - remove unused testConnectionNonce from wp_localize_script - replace $GLOBALS capture in ContentRelationsHandlerTest with anonymous class instance properties - rename nonce action smartling_instant_translation → smartling_translation across all check_ajax_referer/wp_create_nonce call sites Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 5a9178a commit 3482984

8 files changed

Lines changed: 17 additions & 20 deletions

inc/Smartling/Services/ContentRelationsHandler.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -81,7 +81,7 @@ public function register(): void
8181
*/
8282
public function createSubmissionsHandler(array $data = null): void
8383
{
84-
$this->wpProxy->check_ajax_referer('smartling_instant_translation', '_wpnonce');
84+
$this->wpProxy->check_ajax_referer('smartling_translation', '_wpnonce');
8585
if (!$this->wpProxy->current_user_can(SmartlingUserCapabilities::SMARTLING_CAPABILITY_WIDGET_CAP)) {
8686
$this->returnError('permission.denied', 'Insufficient permissions', 403);
8787
return;
@@ -104,7 +104,7 @@ public function createSubmissionsHandler(array $data = null): void
104104

105105
public function actionHandler(): void
106106
{
107-
$this->wpProxy->check_ajax_referer('smartling_instant_translation', '_wpnonce');
107+
$this->wpProxy->check_ajax_referer('smartling_translation', '_wpnonce');
108108
if (!$this->wpProxy->current_user_can(SmartlingUserCapabilities::SMARTLING_CAPABILITY_WIDGET_CAP)) {
109109
$this->returnError('permission.denied', 'Insufficient permissions', 403);
110110
return;

inc/Smartling/WP/Controller/ConfigurationProfileFormController.php

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,6 @@ public function wp_enqueue(): void
3232
wp_enqueue_script($jFile, $jFile, ['jquery'], $ver, false);
3333
}
3434
wp_localize_script($jsPath . 'configuration-profile-form.js', 'smartlingProfileForm', [
35-
'testConnectionNonce' => wp_create_nonce('smartling_test_connection'),
3635
'expertSettingsNonce' => wp_create_nonce('smartling_expert_global_settings'),
3736
]);
3837
}

inc/Smartling/WP/Controller/ContentEditJobController.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -87,7 +87,7 @@ public function setServedContentType($servedContentType)
8787
public function initJobApiProxy(): void
8888
{
8989
add_action('wp_ajax_' . self::SMARTLING_JOB_API_PROXY, function () {
90-
$this->wpProxy->check_ajax_referer('smartling_instant_translation', '_wpnonce');
90+
$this->wpProxy->check_ajax_referer('smartling_translation', '_wpnonce');
9191
if (!$this->wpProxy->current_user_can(SmartlingUserCapabilities::SMARTLING_CAPABILITY_WIDGET_CAP)) {
9292
$this->wpProxy->wp_send_json(['status' => 403, 'message' => 'Insufficient permissions'], 403);
9393
return;

inc/Smartling/WP/Controller/InstantTranslationController.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ public function register(): void
3737

3838
public function handleRequestTranslation(): void
3939
{
40-
$this->wpProxy->check_ajax_referer('smartling_instant_translation', '_wpnonce');
40+
$this->wpProxy->check_ajax_referer('smartling_translation', '_wpnonce');
4141

4242
if (!$this->wpProxy->current_user_can(SmartlingUserCapabilities::SMARTLING_CAPABILITY_WIDGET_CAP)) {
4343
$this->wpProxy->wp_send_json_error(['message' => 'Insufficient permissions'], 403);
@@ -139,7 +139,7 @@ public function handleRequestTranslation(): void
139139

140140
public function handlePollStatus(): void
141141
{
142-
$this->wpProxy->check_ajax_referer('smartling_instant_translation', '_wpnonce');
142+
$this->wpProxy->check_ajax_referer('smartling_translation', '_wpnonce');
143143

144144
if (!$this->wpProxy->current_user_can(SmartlingUserCapabilities::SMARTLING_CAPABILITY_WIDGET_CAP)) {
145145
$this->wpProxy->wp_send_json_error(['message' => 'Insufficient permissions'], 403);

inc/Smartling/WP/Controller/TaxonomyLinksController.php

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -162,7 +162,7 @@ public function linkTaxonomies($data)
162162
$data = $_POST;
163163
}
164164
if (!isset($data['sourceBlogId'], $data['sourceId'], $data['taxonomy'])) {
165-
wp_send_json_error('Required parameter missing');
165+
$this->wordpressProxy->wp_send_json_error('Required parameter missing');
166166
}
167167
$sourceBlogId = (int)$data['sourceBlogId'];
168168
$sourceId = (int)$data['sourceId'];
@@ -210,13 +210,13 @@ public function linkTaxonomies($data)
210210
}
211211
$submissions = array_merge($submissionsToAdd, $submissionsToUpdate);
212212
if (count(array_merge($submissions, $submissionsToDelete)) === 0) {
213-
wp_send_json_error('No changes');
213+
$this->wordpressProxy->wp_send_json_error('No changes');
214214
}
215215
$this->submissionManager->storeSubmissions($submissions);
216216
foreach ($submissionsToDelete as $submission) {
217217
$this->submissionManager->delete($submission);
218218
}
219-
wp_send_json(['success' => true, 'submissions' => $this->getSubmissions()]);
219+
$this->wordpressProxy->wp_send_json(['success' => true, 'submissions' => $this->getSubmissions()]);
220220
}
221221

222222
/**

inc/Smartling/WP/View/BulkSubmit.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@
7070
data-locales='<?= htmlspecialchars(json_encode(array_values($localesData), JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_HEX_TAG), ENT_QUOTES, 'UTF-8') ?>'
7171
data-ajax-url="<?= admin_url('admin-ajax.php') ?>"
7272
data-admin-url="<?= admin_url('admin-ajax.php') ?>"
73-
data-nonce="<?= wp_create_nonce('smartling_instant_translation') ?>"></div>
73+
data-nonce="<?= wp_create_nonce('smartling_translation') ?>"></div>
7474
<div class="postbox-container" style="display:none;">
7575
<div id="panel-box" class="postbox hndle">
7676
<div class="inside">

inc/Smartling/WP/View/ContentEditJob.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -59,7 +59,7 @@
5959
data-locales='<?= htmlspecialchars(json_encode(array_values($localesData), JSON_THROW_ON_ERROR | JSON_HEX_APOS | JSON_HEX_QUOT), ENT_QUOTES, 'UTF-8') ?>'
6060
data-ajax-url="<?= admin_url('admin-ajax.php') ?>"
6161
data-admin-url="<?= admin_url('admin-ajax.php') ?>"
62-
data-nonce="<?= wp_create_nonce('smartling_instant_translation') ?>"></div>
62+
data-nonce="<?= wp_create_nonce('smartling_translation') ?>"></div>
6363
<?php if ($needWrapper) : ?>
6464
</div>
6565
</div>

tests/Services/ContentRelationsHandlerTest.php

Lines changed: 7 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -84,24 +84,22 @@ public function testCreateSubmissionsHandlerReturns403WhenCapabilityMissing(): v
8484

8585
$proxy = $this->makeWpProxy(false);
8686

87-
$errorKey = null;
88-
$errorCode = null;
8987
$x = new class($service, $proxy) extends ContentRelationsHandler {
88+
public ?string $capturedErrorKey = null;
89+
public ?int $capturedErrorCode = null;
90+
9091
public function returnResponse(array $data, $responseCode = 200): void {}
9192

9293
public function returnError($key, $message, $responseCode = 400): void
9394
{
94-
// Capture for assertions
95-
$GLOBALS['_test_error_key'] = $key;
96-
$GLOBALS['_test_error_code'] = $responseCode;
95+
$this->capturedErrorKey = $key;
96+
$this->capturedErrorCode = $responseCode;
9797
}
9898
};
9999

100100
$x->createSubmissionsHandler(['formAction' => ContentRelationsHandler::FORM_ACTION_CLONE, 'source' => ['id' => [1], 'contentType' => 'post'], 'targetBlogIds' => '2']);
101101

102-
$this->assertSame('permission.denied', $GLOBALS['_test_error_key'] ?? null);
103-
$this->assertSame(403, $GLOBALS['_test_error_code'] ?? null);
104-
105-
unset($GLOBALS['_test_error_key'], $GLOBALS['_test_error_code']);
102+
$this->assertSame('permission.denied', $x->capturedErrorKey);
103+
$this->assertSame(403, $x->capturedErrorCode);
106104
}
107105
}

0 commit comments

Comments
 (0)