|
<?php |
|
|
|
// Load the cookie connector script and its AJAX settings on front-end pages.
// Priority 10 and one accepted argument are add_action()'s defaults, so they are left implicit.
add_action( 'wp_enqueue_scripts', 'cookie_connector_secure_ajax' );
|
|
|
/**
 * Enqueue the cookie connector script and expose its AJAX settings to it.
 *
 * The script receives a global `cookie_ajax_object` holding the admin-ajax.php
 * URL and a nonce for the 'cookie-security-nonce' action. The AJAX handler
 * verifies that nonce on every call.
 *
 * NOTE(review): the nonce is printed into the page, so it is readable by any
 * script on that page. For logged-out visitors WordPress does not bind nonces
 * to an individual user, so it should not be treated as an authentication token.
 *
 * @return void
 */
function cookie_connector_secure_ajax() {
	$script_handle = 'cookie-connect-security';
	$script_source = COOKIECONNECTOR_URL . 'js/cookieconnector.js';

	// Depends on jQuery, no explicit version string, loaded in the footer.
	wp_enqueue_script( $script_handle, $script_source, [ 'jquery' ], false, true );

	$ajax_settings = [
		'ajax_url' => admin_url( 'admin-ajax.php' ),
		'security' => wp_create_nonce( 'cookie-security-nonce' ),
	];

	wp_localize_script( $script_handle, 'cookie_ajax_object', $ajax_settings );
}
|
|
|
// Route both AJAX actions to set_cookie(), for logged-in users (wp_ajax_*) and
// for logged-out visitors (wp_ajax_nopriv_*). The nopriv hooks make the endpoint
// reachable without authentication, so the handler must treat every parameter
// as untrusted input.
// NOTE(review): 'set_cookie' is an unprefixed global function name and may
// collide with other plugins or themes.
foreach ( [ 'cookie_connector_set', 'cookie_connector_unset' ] as $cookie_connector_action ) {
	add_action( 'wp_ajax_' . $cookie_connector_action, 'set_cookie' );
	add_action( 'wp_ajax_nopriv_' . $cookie_connector_action, 'set_cookie' );
}
unset( $cookie_connector_action );
|
|
|
|
|
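/**
 * AJAX handler for the `cookie_connector_set` and `cookie_connector_unset` actions.
 *
 * Checks, in order: the security nonce, cookie consent as reported by the
 * Cookie Notice plugin (cn_cookies_accepted()), then the request parameters.
 *
 * Query-string parameters:
 *  - security: nonce for the 'cookie-security-nonce' action
 *  - cn:       cookie name (required)
 *  - cv:       cookie value (required when setting; arrays are JSON-encoded)
 *  - bool:     when present, cv is cast to a boolean ('1' or '')
 *  - valid:    lifetime in seconds, defaults to one hour
 *
 * Security notes:
 *  - The handler is also hooked for logged-out visitors. WordPress nonces are
 *    not bound to an individual anonymous visitor, so the nonce is only a weak
 *    request-forgery barrier there.
 *  - The cookie name comes from the request. NOTE(review): consider an
 *    allow-list or a fixed name prefix so that a forged request cannot
 *    overwrite or expire cookies owned by other components.
 *
 * @return void Always ends the request with a JSON response or wp_die().
 */
function set_cookie() {

	// $stop = false: by default check_ajax_referer() terminates the request on
	// a bad nonce, which made the JSON error below unreachable.
	if ( ! check_ajax_referer( 'cookie-security-nonce', 'security', false ) ) {
		wp_send_json_error( 'Invalid security token sent.', 403 );
		return;
	}

	// Without recorded consent no cookie is written at all.
	if ( ! function_exists( 'cn_cookies_accepted' ) || ! cn_cookies_accepted() ) {
		wp_die();
	}

	if ( ! defined( 'DOING_AJAX' ) ) {
		define( 'DOING_AJAX', true );
	}

	// admin-ajax.php dispatches on $_REQUEST['action'], so read it from there.
	$action = ( isset( $_REQUEST['action'] ) && is_string( $_REQUEST['action'] ) ) ? $_REQUEST['action'] : '';

	// WordPress adds slashes to $_GET; remove them so the stored bytes match the input.
	// A non-string name (e.g. cn[]=x) is treated as missing instead of reaching setcookie().
	$cookie_name = ( isset( $_GET['cn'] ) && is_string( $_GET['cn'] ) ) ? wp_unslash( $_GET['cn'] ) : false;

	$cookie_value = isset( $_GET['cv'] ) ? wp_unslash( $_GET['cv'] ) : false;

	// Serialize the data if it's an array (json_encode() returns false on failure).
	if ( is_array( $cookie_value ) ) {
		$cookie_value = json_encode( $cookie_value );
	}

	// setcookie() takes a string, so spell out the boolean as '1' / ''.
	if ( isset( $_GET['bool'] ) ) {
		$cookie_value = $cookie_value ? '1' : '';
	}

	if ( ! $cookie_name ) {
		wp_send_json_error( array( 'success' => false, 'error' => '401', 'message' => 'cookie not set/unset, no name given. ( cn )' ) );
		return;
	}

	// These are the characters setcookie() itself refuses in a name; reject them
	// here with a JSON error instead of a PHP warning or ValueError.
	if ( preg_match( '/[=,; \t\r\n\x0B\x0C]/', $cookie_name ) ) {
		wp_send_json_error( array( 'success' => false, 'error' => '401', 'message' => 'cookie not set/unset, invalid name given. ( cn )' ) );
		return;
	}

	// The hooked action is 'cookie_connector_set'; the earlier comparison against
	// 'cookie_connect_set' never matched, so this check was dead. The value '0'
	// is a legitimate cookie value, so only a missing or empty value is refused.
	if ( 'cookie_connector_set' === $action && ( false === $cookie_value || '' === $cookie_value ) ) {
		wp_send_json_error( array( 'success' => false, 'error' => '402', 'message' => 'cookie not set, no value given. ( cv )' ) );
		return;
	}

	// Accept only a plain integer of at most nine digits: anything else (arrays,
	// text, huge numbers) would break or overflow the time() + lifetime sum.
	$cookie_valid = 60 * 60;
	if ( isset( $_GET['valid'] ) && is_string( $_GET['valid'] ) && preg_match( '/^-?[0-9]{1,9}$/', $_GET['valid'] ) ) {
		$cookie_valid = (int) $_GET['valid'];
	}

	// is_ssl() also handles servers that report HTTPS=off; isset( $_SERVER['HTTPS'] )
	// would mark the cookie Secure on such plain-HTTP requests.
	$secure = is_ssl();

	if ( 'cookie_connector_unset' === $action ) {
		// An empty value with an expiry in the past tells the browser to drop the cookie.
		setcookie( $cookie_name, '', time() - 1, COOKIEPATH, COOKIE_DOMAIN, $secure );
		wp_send_json( array( 'success' => true, 'message' => "Done unsetting cookie '{$cookie_name}'." ) );
	} else {
		// Final argument: HttpOnly, so page scripts cannot read the cookie back.
		setcookie( $cookie_name, $cookie_value, time() + $cookie_valid, COOKIEPATH, COOKIE_DOMAIN, $secure, true );
		wp_send_json( array( 'success' => true, 'message' => "Done setting cookie '{$cookie_name}' to value '{$cookie_value}' with validity $cookie_valid seconds." ) );
	}

	wp_die();
}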