Fix: Optin and optout rediation page expired issues

Appsero · Sep 12, 2024 · b765766 · b765766
1 parent a8e02e8
commit b765766
Showing 1 changed file with 78 additions and 14 deletions.
diff --git a/src/Insights.php b/src/Insights.php
@@ -488,31 +488,95 @@ public function admin_notice()
      */
     public function handle_optin_optout()
     {
-        if (!isset($_GET['_wpnonce'])) {
+        if (! $this->is_valid_request() || ! $this->has_manage_options_capability()) {
             return;
         }
 
-        if (!wp_verify_nonce(sanitize_key($_GET['_wpnonce']), '_wpnonce')) {
-            return;
+        if ($this->is_optin_request()) {
+            $this->optin();
+            $this->handle_redirection($this->client->slug . '_tracker_optin');
         }
 
-        if (!current_user_can('manage_options')) {
-            return;
+        if ($this->is_optout_request()) {
+            $this->optout();
+            $this->handle_redirection($this->client->slug . '_tracker_optout');
         }
+    }
 
-        if (isset($_GET[$this->client->slug . '_tracker_optin']) && $_GET[$this->client->slug . '_tracker_optin'] === 'true') {
-            $this->optin();
+    /**
+     * Validate the request nonce.
+     *
+     * @return bool
+     */
+    private function is_valid_request()
+    {
+        return isset($_GET['_wpnonce']) &&
+            wp_verify_nonce(sanitize_key($_GET['_wpnonce']), '_wpnonce');
+    }
 
-            wp_safe_redirect(remove_query_arg($this->client->slug . '_tracker_optin'));
-            exit;
-        }
+    /**
+     * Check if the current user has manage options capability.
+     *
+     * @return bool
+     */
+    private function has_manage_options_capability()
+    {
+        return current_user_can('manage_options');
+    }
 
-        if (isset($_GET[$this->client->slug . '_tracker_optout']) && isset($_GET[$this->client->slug . '_tracker_optout']) && $_GET[$this->client->slug . '_tracker_optout'] === 'true') {
-            $this->optout();
+    /**
+     * Check if the current request is for opt-in.
+     *
+     * @return bool
+     */
+    private function is_optin_request()
+    {
+        return isset($_GET[$this->client->slug . '_tracker_optin']) && $_GET[$this->client->slug . '_tracker_optin'] === 'true';
+    }
 
-            wp_safe_redirect(remove_query_arg($this->client->slug . '_tracker_optout'));
-            exit;
+    /**
+     * Check if the current request is for opt-out.
+     *
+     * @return bool
+     */
+    private function is_optout_request()
+    {
+        return isset($_GET[$this->client->slug . '_tracker_optout']) && $_GET[$this->client->slug . '_tracker_optout'] === 'true';
+    }
+
+    /**
+     * Handle redirection after opt-in/opt-out actions.
+     *
+     * @param string $param The query parameter to remove.
+     */
+    private function handle_redirection($param)
+    {
+        if ($this->is_inaccessible_page()) {
+            wp_safe_redirect(admin_url());
+        } else {
+            wp_safe_redirect(remove_query_arg($param));
+        }
+        exit;
+    }
+
+    /**
+     * Check if the current page is updater.php or similar inaccessible pages.
+     *
+     * @return bool
+     */
+    private function is_inaccessible_page()
+    {
+        $inaccessible_pages = [
+            '/wp-admin/update.php', // Add similar inaccessible PHP files here
+        ];
+
+        foreach ($inaccessible_pages as $page) {
+            if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], $page) !== false) {
+                return true;
+            }
         }
+
+        return false;
     }
 
     /**