Skip to content

Fix guest preview publish nonce flow #2828

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Armanul46 merged 2 commits into from
Apr 30, 2026
Merged

Fix guest preview publish nonce flow #2828

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6bb603f
Fix guest preview publish nonce flow
Armanul46 Apr 22, 2026
3bfde19
fixed space issue
Armanul46 Apr 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 0 additions & 4 deletions includes/classes/class-add-listing.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -511,10 +511,6 @@ public function atbdp_submit_listing() {
$data['redirect_url'] = Helper::escape_query_strings_from_url( $posted_data['redirect_url'] );
}

if ( $preview_enable ) {
$data['redirect_url'] = wp_nonce_url( $data['redirect_url'], 'directorist_listing_form_redirect_url_' . $listing_id, '_token' );
}

$data['redirect_url'] = urlencode( $data['redirect_url'] );

$data = apply_filters( 'directorist_ajax_listing_submission_response', $data );
Expand Down
6 changes: 5 additions & 1 deletion includes/classes/class-listing.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,13 +126,17 @@ public function update_listing_status_after_review() {
if ( ( empty( $_GET['listing_status'] ) && empty( $_GET['reviewed'] ) ) || isset( $_GET['preview'] ) ) {
return;
}

// Retrieve listing ID from multiple possible query parameters
$listing_id = $this->get_listing_id_from_request();

if ( ! $listing_id || ! directorist_is_listing_post_type( $listing_id ) ) {
return;
}

if ( ! current_user_can( get_post_type_object( ATBDP_POST_TYPE )->cap->edit_post, $listing_id ) ) {
return;
}

if ( ! $this->validate_nonce( $listing_id ) ) {
return;
}
Expand Down
12 changes: 6 additions & 6 deletions includes/model/SingleListing.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -951,15 +951,14 @@ public function get_rating_count() {
}

public function submit_link() {
$payment = isset( $_GET['payment'] ) ? sanitize_text_field( wp_unslash( $_GET['payment'] ) ) : '';
$payment = isset( $_GET['payment'] ) ? sanitize_text_field( wp_unslash( $_GET['payment'] ) ) : '';

$redirect = '';
if ( isset( $_GET['redirect'] ) ) {
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
$redirect = wp_validate_redirect( wp_unslash( $_GET['redirect'] ), '' );
}



$listing_id = isset( $_GET['post_id'] ) ? sanitize_text_field( wp_unslash( $_GET['post_id'] ) ) : get_the_ID();
$listing_id = isset( $_GET['p'] ) ? sanitize_text_field( wp_unslash( $_GET['p'] ) ) : $listing_id;
$link = '';
Expand All @@ -978,16 +977,17 @@ public function submit_link() {
'p' => $listing_id,
'post_id' => $listing_id,
'reviewed' => 'yes',
'edited' => $edited ? 'yes' : 'no'
'edited' => $edited ? 'yes' : 'no',
];
} else {
$args = [
'atbdp_listing_id' => $listing_id,
'reviewed' => 'yes'
'reviewed' => 'yes',
];
}

$link = add_query_arg( $args, $redirect );
$link = wp_nonce_url( $link, 'directorist_listing_form_redirect_url_' . $listing_id, '_token' );
}

return $link;
Expand Down
Loading