Small bug – check for cscf_nonce

  • Hi,

    Thank you for creating this plugin!

    I noticed a small bug:
    PHP Warning:? Undefined array key "cscf_nonce" in /var/www/html/wp-content/plugins/clean-and-simple-contact-form-by-meg-nicholas/class.cscf_contact.php on line 80

    Specifically here:

    //check nonce
                    if ( ! wp_verify_nonce( $_POST['cscf_nonce'], 'cscf_contact' ) ) {
                            return false;
                    }

    I believe this could be fixed by checking if the $_POST[‘cscf_nounce’] is set first, ex:

    // Check if 'cscf_nonce' is set and then verify nonce
    if ( isset( $_POST['cscf_nonce'] ) && wp_verify_nonce( $_POST['cscf_nonce'], 'cscf_contact' ) ) {
        // proceed with the form processing
    } else {
        return false;
    }

    Curious why the nonce is not set too.
    Anyway, just wanted to mention in case you are aware of this already.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Alan Fuller

    (@alanfuller)

    Not so much a bug a warning ??

    As you may be aware I adopted this plugin so not 100% familiar with all the design choices but from what I can see is, if a page that contains the shortcode is rendered the nonce is checked as a way of detecting a non ajax submission, and if the page is NOT a submission you would get the warning. A sort of design issue.

    I’ll add that to the list.


    Thread Starter ventz

    (@ventz)

    @alanfuller Ah – did not know you adopted it.

    Thanks for adding it.

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.