Updated version to 2.2.5 and improved nonce verification

The version number has been updated across multiple files from 2.2.4 to 2.2.5, reflecting the new release of the software.

Nonce verification has also been enhanced in several places for better security measures, with 'simpay_paywall_nonce' being replaced by 'simpay_nonce'. This change is reflected in both form submissions and nonce field creation.

Indentation changes have been made in payment-form.php for better code readability and consistency throughout the file.

composer.json

@@ -1,6 +1,6 @@
 {
     "name": "simpay/simpay-wordpress",
-    "version": "2.2.4",
+    "version": "2.2.5",
     "type": "library",
     "require": {
         "simpaypl/simpay": "^2.2"

readme.txt

@@ -4,7 +4,7 @@ Donate link: https://darkgl.pl/
 Tags: simpay, payments, directbiling, sms
 Requires at least: 6.0
 Tested up to: 6.6.1
-Stable tag: 2.2.4
+Stable tag: 2.2.5
 Requires PHP: 8.1
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html

simpay-wordpress.php

@@ -4,7 +4,7 @@
  * Plugin Name:       SimPay Wordpress
  * Plugin URI:        https://simpay.pl
  * Description:       Use SimPay SMS service to use during registration or access to the post.
- * Version:           2.2.4
+ * Version:           2.2.5
  * Author:            SimPay
  * Author URI:        https://simpay.pl
  * License:           GPL-2.0+

src/Modules/PaywallMode/Hooks/AddPaywallOnPost.php

@@ -85,7 +85,7 @@ private function showNotLoggedInAlert(): string
      */
     private function handlePaywallForm(mixed $wpQuery): ?string
     {
-        if (!isset($_POST['_simpay_nonce']) || !wp_verify_nonce($_POST['_simpay_nonce'], 'simpay_paywall_nonce')) {
+        if (!isset($_POST['_simpay_nonce']) || !wp_verify_nonce($_POST['_simpay_nonce'], 'simpay_nonce')) {
             return '';
         }
 

src/Modules/PaywallMode/Hooks/SaveMetaboxPaywallData.php

@@ -15,6 +15,10 @@ public static function getHookName(): string
 
     public function __invoke($postId): void
     {
+        if (!isset($_POST['_simpay_nonce']) || !wp_verify_nonce($_POST['_simpay_nonce'], 'simpay_nonce')) {
+            return;
+        }
+
         update_post_meta(
             $postId,
             'paywall_active',

view/admin/settings/settings-page.php

@@ -5,6 +5,7 @@
 <div class="wrap">
     <h1><?php echo esc_html(get_admin_page_title()); ?></h1>
     <form action="options.php" method="post">
+        <?php wp_nonce_field('simpay_nonce', '_simpay_nonce'); ?>
         <?php
         settings_fields('simpay-options');
 do_settings_sections('simpay-options');

view/public/paywall/payment-form.php

@@ -3,19 +3,19 @@
 } ?>
 
 <div class="simpay-paywall-payment-form">
-    <p class="message">
-        Aby uzyskać dostęp, wyślij SMS na numer
-        <strong><?php echo esc_html($smsNumber); ?></strong> o treści
-        <strong><?php echo esc_html($smsCode); ?></strong>. Koszt SMS
-        to
-        <strong><?php echo esc_html($smsPrice); ?> zł
-            (brutto)</strong>
-    </p>
-    <form method="post">
-        <?php wp_nonce_field('simpay_paywall_nonce', '_simpay_nonce'); ?>
-        <input type="text" name="sms_code" id="sms_code" class="input" size="25" placeholder="Kod SMS" required />
-        <input type="hidden" name="post_id"
-            value="<?php echo esc_html($postId); ?>">
-        <button>Wyślij</button>
-    </form>
+	<p class="message">
+		Aby uzyskać dostęp, wyślij SMS na numer
+		<strong><?php echo esc_html($smsNumber); ?></strong> o treści
+		<strong><?php echo esc_html($smsCode); ?></strong>. Koszt SMS
+		to
+		<strong><?php echo esc_html($smsPrice); ?> zł
+			(brutto)</strong>
+	</p>
+	<form method="post">
+		<?php wp_nonce_field('simpay_nonce', '_simpay_nonce'); ?>
+		<input type="text" name="sms_code" id="sms_code" class="input" size="25" placeholder="Kod SMS" required />
+		<input type="hidden" name="post_id"
+			value="<?php echo esc_html($postId); ?>">
+		<button>Wyślij</button>
+	</form>
 </div>