diff --git a/composer.json b/composer.json
index 65b8189..3a9c8a4 100644
--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,6 @@
 {
 "name": "simpay/simpay-wordpress",
- "version": "2.2.3",
+ "version": "2.2.4",
 "type": "library",
 "require": {
 "simpaypl/simpay": "^2.2"
diff --git a/readme.txt b/readme.txt
index a5fa78f..0514159 100644
--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://darkgl.pl/
 Tags: simpay, payments, directbiling, sms
 Requires at least: 6.0
 Tested up to: 6.6.1
-Stable tag: 2.2.3
+Stable tag: 2.2.4
 Requires PHP: 8.1
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
diff --git a/simpay-wordpress.php b/simpay-wordpress.php
index c1ccb99..a78b5de 100644
--- a/simpay-wordpress.php
+++ b/simpay-wordpress.php
@@ -4,7 +4,7 @@
 * Plugin Name: SimPay Wordpress
 * Plugin URI: https://simpay.pl
 * Description: Use SimPay SMS service to use during registration or access to the post.
- * Version: 2.2.3
+ * Version: 2.2.4
 * Author: SimPay
 * Author URI: https://simpay.pl
 * License: GPL-2.0+
diff --git a/src/Modules/PaywallMode/Hooks/AddPaywallOnPost.php b/src/Modules/PaywallMode/Hooks/AddPaywallOnPost.php
index 2c2c097..d4bb01d 100644
--- a/src/Modules/PaywallMode/Hooks/AddPaywallOnPost.php
+++ b/src/Modules/PaywallMode/Hooks/AddPaywallOnPost.php
@@ -85,6 +85,10 @@ private function showNotLoggedInAlert(): string
 */
 private function handlePaywallForm(mixed $wpQuery): ?string
 {
+ if (!isset($_POST['_simpay_nonce']) || !wp_verify_nonce($_POST['_simpay_nonce'], 'simpay_paywall_nonce')) {
+ return '';
+ }
+
 if (isset($_POST['sms_code'])) {
 if ($error = $this->validateSmsForm()) {
 $this->renderSimPayPaymentForm(get_the_ID(), $error);
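Review bot: The nonce guard added at the top of `handlePaywallForm` in src/Modules/PaywallMode/Hooks/AddPaywallOnPost.php runs before the `isset($_POST['sms_code'])` test, so every call without a valid `_simpay_nonce` returns `''`, not only forged form submissions. The rest of the function is outside the hunk, so this needs confirming: if it is also reached on ordinary page views, the early return may stop the payment form (the only place this diff shows the nonce being issued) from rendering at all. Scoping the check to the submission branch avoids that, and the raw `$_POST` value should be unslashed and sanitized before verification: `if (isset($_POST['sms_code']) && !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_simpay_nonce'] ?? '')), 'simpay_paywall_nonce')) { return ''; }`. It is also worth confirming how the caller treats `''` versus `null`, so that a rejected request can never be read as access granted.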
@@ -138,6 +142,7 @@ public function renderSimPayPaymentForm(int $postId, string $error = null): void 'smsNumber' => $smsNumber->getNumber(), 'smsPrice' => $smsNumber->getPriceGross(), 'smsCode' => $this->simPayService->getSmsCode()->getCode(), + '_simpay_nonce' => wp_create_nonce('simpay_paywall_nonce'), ]); } diff --git a/view/admin/settings/partials/field-checkbox.php b/view/admin/settings/partials/field-checkbox.php index 48a0c2a..48bfc67 100644 --- a/view/admin/settings/partials/field-checkbox.php +++ b/view/admin/settings/partials/field-checkbox.php @@ -5,5 +5,5 @@ > \ No newline at end of file diff --git a/view/admin/settings/partials/field-input.php b/view/admin/settings/partials/field-input.php index 98d6864..e69b656 100644 --- a/view/admin/settings/partials/field-input.php +++ b/view/admin/settings/partials/field-input.php @@ -13,9 +13,10 @@ $args = array_merge($defaultArgs, $args); ?> - \ No newline at end of file + \ No newline at end of file diff --git a/view/admin/settings/partials/field-select.php b/view/admin/settings/partials/field-select.php index 215c4d5..8925390 100644 --- a/view/admin/settings/partials/field-select.php +++ b/view/admin/settings/partials/field-select.php @@ -21,9 +21,9 @@ class='post_form' $disabledReason = ''; } ?> - \ No newline at end of file diff --git a/view/public/paywall/access-denied-alert.php b/view/public/paywall/access-denied-alert.php index 432c550..9d1ad7f 100644 --- a/view/public/paywall/access-denied-alert.php +++ b/view/public/paywall/access-denied-alert.php @@ -7,7 +7,7 @@
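Review bot: In `renderSimPayPaymentForm` (src/Modules/PaywallMode/Hooks/AddPaywallOnPost.php) the nonce action `'simpay_paywall_nonce'` is one fixed string for every post, so a token issued on one paywalled post also verifies on any other. Binding the action to the post narrows that: `'_simpay_nonce' => wp_create_nonce('simpay_paywall_nonce_' . $postId),` with the matching `'simpay_paywall_nonce_' . get_the_ID()` passed to `wp_verify_nonce` in `handlePaywallForm`. The action string is also repeated as a literal in both hunks of this file; a private class constant would keep creation and verification in sync. For visitors who are not logged in, WordPress nonces are not tied to an individual user, so if the form can be shown to anonymous visitors the token gives only limited CSRF protection there; the hunk does not show whether that case exists. The function body starts outside the hunk.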
Dostęp do treści na tej stronie jest zarezerwowany tylko dla płatnych użytkowników.
- +
diff --git a/view/public/paywall/payment-form.php b/view/public/paywall/payment-form.php index 076065e..78c6760 100644 --- a/view/public/paywall/payment-form.php +++ b/view/public/paywall/payment-form.php @@ -5,11 +5,14 @@