From 58ca9da7430450bbd5f027a0a6638a3a84e11949 Mon Sep 17 00:00:00 2001
From: gabiermi
Date: Thu, 28 Mar 2024 19:18:19 +0500
Subject: [PATCH 1/4] some small changes
---
omnisend/view/connection-form.html | 134 --------------------------
omnisend/view/connection-success.html | 19 ----
omnisend/view/snippet.html | 4 +-
3 files changed, 2 insertions(+), 155 deletions(-)
delete mode 100644 omnisend/view/connection-form.html
delete mode 100644 omnisend/view/connection-success.html
diff --git a/omnisend/view/connection-form.html b/omnisend/view/connection-form.html
deleted file mode 100644
index 768960f..0000000
--- a/omnisend/view/connection-form.html
+++ /dev/null
@@ -1,134 +0,0 @@
-
-
- -
-
- - - -
- - - - -
- - - - -
-
-

Connect Omnisend Plugin

-
-

Connect Omnisend plugin to Wordpress to:

-
-
    -
  • - Automatically import all your WordPress users to Omnisend -
  • -
  • - Collect subscribers through Forms -
  • -
  • - Segment and target your customers -
  • -
  • - Set up behavior-based automations -
  • -
-
-
-
-
-
- -

Steps to connect to Omnisend:

-
-
1
-
-
-
-

Create Omnisend account

-
- -
-
-
-
-
-
-
2
-
-
-
-

Copy the API key from the platform connection instructions

-
- -
-
-
-
-
-
-
3
-
-
-
-

Paste copied API key here:

-
-
-
-
-
- -
-
- -
-
-
-
-
-
-
-
-
-
-
- Need help? Check our - - Wordpress connection guide - -
-
- -
-
diff --git a/omnisend/view/connection-success.html b/omnisend/view/connection-success.html deleted file mode 100644 index 5e221e7..0000000 --- a/omnisend/view/connection-success.html +++ /dev/null @@ -1,19 +0,0 @@ - - - -
- -
-

You are connected to Omnisend!

-
-

- Head to Omnisend to continue with collecting subscribers through forms, segmenting and targeting your customers and designing email campaigns. -

- -
diff --git a/omnisend/view/snippet.html b/omnisend/view/snippet.html index 79455ca..d4c843b 100644 --- a/omnisend/view/snippet.html +++ b/omnisend/view/snippet.html @@ -1,10 +1,10 @@ From f3ce01172b77887608fcd76124164b79e557e5a5 Mon Sep 17 00:00:00 2001 From: gabiermi Date: Tue, 9 Apr 2024 12:56:51 +0500 Subject: [PATCH 3/4] refactor styles --- composer.lock | 22 +- omnisend/class-omnisend-core-bootstrap.php | 4 +- .../includes/Internal/class-connection.php | 4 +- omnisend/styles/styles.css | 246 +----------------- 4 files changed, 17 insertions(+), 259 deletions(-) diff --git a/composer.lock b/composer.lock index e081285..cff7966 100644 --- a/composer.lock +++ b/composer.lock @@ -809,16 +809,16 @@ }, { "name": "phpunit/phpunit", - "version": "10.5.16", + "version": "10.5.17", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/phpunit.git", - "reference": "18f8d4a5f52b61fdd9370aaae3167daa0eeb69cd" + "reference": "c1f736a473d21957ead7e94fcc029f571895abf5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/18f8d4a5f52b61fdd9370aaae3167daa0eeb69cd", - "reference": "18f8d4a5f52b61fdd9370aaae3167daa0eeb69cd", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/c1f736a473d21957ead7e94fcc029f571895abf5", + "reference": "c1f736a473d21957ead7e94fcc029f571895abf5", "shasum": "" }, "require": { @@ -890,7 +890,7 @@ "support": { "issues": "https://github.com/sebastianbergmann/phpunit/issues", "security": "https://github.com/sebastianbergmann/phpunit/security/policy", - "source": "https://github.com/sebastianbergmann/phpunit/tree/10.5.16" + "source": "https://github.com/sebastianbergmann/phpunit/tree/10.5.17" }, "funding": [ { @@ -906,7 +906,7 @@ "type": "tidelift" } ], - "time": "2024-03-28T10:08:10+00:00" + "time": "2024-04-05T04:39:01+00:00" }, { "name": "sebastian/cli-parser", 
@@ -1826,16 +1826,16 @@ }, { "name": "squizlabs/php_codesniffer", - "version": "3.9.0", + "version": "3.9.1", "source": { "type": "git", "url": "https://github.com/PHPCSStandards/PHP_CodeSniffer.git", - "reference": "d63cee4890a8afaf86a22e51ad4d97c91dd4579b" + "reference": "267a4405fff1d9c847134db3a3c92f1ab7f77909" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/d63cee4890a8afaf86a22e51ad4d97c91dd4579b", - "reference": "d63cee4890a8afaf86a22e51ad4d97c91dd4579b", + "url": "https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/267a4405fff1d9c847134db3a3c92f1ab7f77909", + "reference": "267a4405fff1d9c847134db3a3c92f1ab7f77909", "shasum": "" }, "require": { @@ -1902,7 +1902,7 @@ "type": "open_collective" } ], - "time": "2024-02-16T15:06:51+00:00" + "time": "2024-03-31T21:03:09+00:00" }, { "name": "theseer/tokenizer", diff --git a/omnisend/class-omnisend-core-bootstrap.php b/omnisend/class-omnisend-core-bootstrap.php index 6e5f8b1..d041284 100644 --- a/omnisend/class-omnisend-core-bootstrap.php +++ b/omnisend/class-omnisend-core-bootstrap.php @@ -81,8 +81,8 @@ function ( $user_login, $user ) { public static function omnisend_app_market() { - if(!current_user_can('manage_options')){ - wp_die(__( 'You do not have sufficient permissions to access this page.')); + if ( ! current_user_can( 'manage_options' ) ) { + wp_die( __( 'You do not have sufficient permissions to access this page.' ) ); } ?> diff --git a/omnisend/includes/Internal/class-connection.php b/omnisend/includes/Internal/class-connection.php index 6011d40..ca8d6d9 100644 --- a/omnisend/includes/Internal/class-connection.php +++ b/omnisend/includes/Internal/class-connection.php 
@@ -14,8 +14,8 @@ class Connection { public static function display(): void { - if(!current_user_can('manage_options')){ - wp_die(__( 'You do not have sufficient permissions to access this page.')); + if ( ! current_user_can( 'manage_options' ) ) { + wp_die( __( 'You do not have sufficient permissions to access this page.' ) ); } Options::set_landing_page_visited(); diff --git a/omnisend/styles/styles.css b/omnisend/styles/styles.css index f9912f3..4b4a6fe 100644 --- a/omnisend/styles/styles.css +++ b/omnisend/styles/styles.css @@ -90,18 +90,6 @@ margin-bottom: 24px; } -.omnisend-paragraph-16 { - margin: 0; - font-weight: 400; - color: #1e2423; - font-family: Roboto; - font-size: 16px; - font-stretch: normal; - font-style: normal; - letter-spacing: normal; - line-height: 24px; -} - .omnisend-landing-h1 { margin: 0; color: #1e2423; @@ -139,30 +127,6 @@ line-height: 40px; } -.omnisend-h2 { - margin: 0; - color: #1e2423; - font-family: Roboto; - font-stretch: normal; - font-style: normal; - font-weight: 500; - letter-spacing: normal; - font-size: 32px; - line-height: 40px; -} - -.omnisend-h3 { - margin: 0; - font-size: 24px; - color: #1e2423; - font-family: Roboto; - font-stretch: normal; - font-style: normal; - font-weight: 500; - letter-spacing: normal; - line-height: 32px; -} - .omnisend-paragraph-14 { margin: 0; font-weight: 300; 
@@ -175,64 +139,6 @@ line-height: 24px; } -.omnisend-grid-column { - box-sizing: border-box; - flex-basis: 0; - flex-grow: 1; - max-width: 100%; - display: flex; - flex-direction: column; - padding: 0; -} - -.omnisend-flex-row { - display: flex; -} - -.omnisend-row-input-button { - box-sizing: border-box; - display: flex; - flex: 0 1 auto; - flex-flow: wrap; - flex-direction: row; - margin: 0 auto; - width: 100%; - gap: 16px; - align-items: flex-end; -} - -.omnisend-link-button { - background: none; - font: inherit; - align-items: center; - border-radius: 8px; - box-sizing: border-box; - cursor: pointer; - display: flex; - flex-wrap: nowrap; - font-family: Roboto; - font-size: 14px; - font-stretch: normal; - font-style: normal; - font-weight: 400; - gap: 8px; - height: 40px; - justify-content: center; - letter-spacing: normal; - line-height: 24px; - outline: none; - padding: 8px 16px; - position: relative; - text-decoration: none; - transition: - background-color 0.1s ease-in-out, - color 0.1s ease-in-out; - white-space: nowrap; - border: 1px solid #35938f; - color: #35938f; - width: fit-content; -} - .omnisend-text-body { font-family: Roboto; font-size: 22px; 
@@ -347,133 +253,11 @@ height: auto; } -.omnisend-link-button { - background: none; - font: inherit; - align-items: center; - border-radius: 8px; - box-sizing: border-box; - cursor: pointer; - display: flex; - flex-wrap: nowrap; - font-family: Roboto; - font-size: 14px; - font-stretch: normal; - font-style: normal; - font-weight: 400; - gap: 8px; - height: 40px; - justify-content: center; - letter-spacing: normal; - line-height: 24px; - outline: none; - padding: 8px 16px; - position: relative; - text-decoration: none; - transition: - background-color 0.1s ease-in-out, - color 0.1s ease-in-out; - white-space: nowrap; - border: 1px solid #35938f; - color: #35938f; - width: fit-content; -} - -.omnisend-step-number { - align-items: center; - background: #35938f; - border-radius: 50%; - color: #fff; - display: flex; - font-family: Roboto; - font-size: 16px; - height: 32px; - justify-content: center; - min-width: 32px; - width: 32px; -} - .omnisend-divider { border: 0; border-bottom: 1px solid #b6b6b6; } -.omnisend-form-input { - appearance: none; - background-color: white; - border: 1px solid #b6b6b6; - border-radius: 8px; - box-sizing: border-box; - color: #1e2423; - display: flex; - font-family: Roboto; - font-size: 14px; - font-stretch: normal; - font-style: normal; - font-weight: 400; - height: 40px; - letter-spacing: normal; - line-height: 24px; - outline: none; - padding: 8px 16px; - position: relative; - transition: border-color 0.1s linear; - width: 100%; -} - -.omnisend-form-field { - display: flex; - flex-grow: 8; - flex-direction: column; - max-width: 100%; -} - -.omnisend-form-field > input { - border-radius: 8px; - border: 1px solid #b6b6b6; - background: #fff; -} - -.omnisend-form-field-button { - box-sizing: border-box; - max-width: 100%; - flex: 0 1; - display: flex; - flex-direction: column; - padding: 0; -} - -.omnisend-form-button-primary { - background: none; - font: inherit; - align-items: center; - border-radius: 8px; - box-sizing: border-box; - 
cursor: pointer; - display: flex; - flex-wrap: nowrap; - font-family: Roboto; - font-size: 14px; - font-stretch: normal; - font-style: normal; - font-weight: 400; - gap: 8px; - height: 40px; - justify-content: center; - letter-spacing: normal; - line-height: 24px; - outline: none; - padding: 8px 16px; - position: relative; - transition: - background-color 0.1s ease-in-out, - color 0.1s ease-in-out; - white-space: nowrap; - background-color: #35938f; - border: 1px solid #35938f; - color: #fff; -} - .omnisend-landing-text-microcopy { font-family: Roboto; font-size: 13px; @@ -495,7 +279,7 @@ } .omnisend-bullet-list li:before { - content: ""; + content: ''; width: 5px; height: 5px; border-radius: 50%; @@ -522,32 +306,6 @@ align-items: center; } -.omnisend-help-wrapper { - box-sizing: border-box; - display: flex; - flex: 0 1 auto; - flex-flow: wrap; - flex-direction: row; - margin: 0 auto; - width: 100%; -} - -.omnisend-a { - outline: none; - text-decoration: none; - transition: color 0.1s; - align-items: center; - gap: 8px; - color: #35938f; - font-family: Roboto; - font-stretch: normal; - font-style: normal; - letter-spacing: normal; - line-height: 24px; - font-size: 14px; - font-weight: 400; -} - .omnisend-landing-page-text { max-width: 880px; } @@ -571,7 +329,7 @@ @media only screen and (max-width: 1300px) { .omnisend-landing-page-banner-sticker { - display: none; + display: none; } } From 8b7f5af61bda4ca5e7ad9c46642209b43715a993 Mon Sep 17 00:00:00 2001 From: gabiermi Date: Wed, 10 Apr 2024 09:47:16 +0500 Subject: [PATCH 4/4] add security restrictions for current user --- omnisend/class-omnisend-core-bootstrap.php | 2 +- omnisend/includes/Internal/class-connection.php | 12 ++++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/omnisend/class-omnisend-core-bootstrap.php b/omnisend/class-omnisend-core-bootstrap.php index d041284..72e937e 100644 --- a/omnisend/class-omnisend-core-bootstrap.php +++ b/omnisend/class-omnisend-core-bootstrap.php 
@@ -82,7 +82,7 @@ function ( $user_login, $user ) { public static function omnisend_app_market() { if ( ! current_user_can( 'manage_options' ) ) { - wp_die( __( 'You do not have sufficient permissions to access this page.' ) ); + wp_die( esc_html__( 'You do not have sufficient permissions to access this page.' ) ); } ?> diff --git a/omnisend/includes/Internal/class-connection.php b/omnisend/includes/Internal/class-connection.php index ca8d6d9..ca3c920 100644 --- a/omnisend/includes/Internal/class-connection.php +++ b/omnisend/includes/Internal/class-connection.php @@ -15,7 +15,7 @@ class Connection { public static function display(): void { if ( ! current_user_can( 'manage_options' ) ) { - wp_die( __( 'You do not have sufficient permissions to access this page.' ) ); + wp_die( esc_html__( 'You do not have sufficient permissions to access this page.' ) ); } Options::set_landing_page_visited(); @@ -150,7 +150,15 @@ public static function omnisend_post_connection() { // phpcs:ignore WordPress.WP.CapitalPDangit.MisspelledInText $wordpress_platform = 'wordpress'; // WordPress is lowercase as it's required by integration. - // add current_user_can('manage_options') check + if ( ! current_user_can( 'manage_options' ) ) { + return rest_ensure_response( + array( + 'success' => false, + 'error' => 'You do not have sufficient permissions to perform this action.', + ) + ); + } + if ( ! isset( $_POST['action_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['action_nonce'] ) ), 'connect' ) ) { return rest_ensure_response( array(
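Review bot: The `wp_die()` call in `omnisend_app_market()` still passes only a message, so the denial is sent with wp_die's default HTTP 500 for non-Ajax requests rather than a 403; the same applies to the identical line in `Connection::display()` in the next hunk. Passing the status explicitly, `wp_die( esc_html__( 'You do not have sufficient permissions to access this page.', 'TEXT-DOMAIN-PLACEHOLDER' ), '', array( 'response' => 403 ) );`, keeps access-denied events distinguishable from server faults in logs and monitoring. `esc_html__()` is also called without a text domain, so the string resolves against the default domain; the plugin's own domain is not visible in this patch, hence the placeholder. Both function bodies continue outside their hunks.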
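Review bot: The new capability check in `omnisend_post_connection()` answers an unauthorised caller with `rest_ensure_response( array( 'success' => false, ... ) )`, which goes out as HTTP 200, so a refused request is indistinguishable from a successful one for clients, proxies and log-based alerting. If the `success`/`error` body shape has to stay, set the status on the response: `$response = rest_ensure_response( array( 'success' => false, 'error' => '...' ) ); $response->set_status( 403 ); return $response;`. The route registration is not part of this patch; if this handler is registered through `register_rest_route()`, the same `current_user_can( 'manage_options' )` test belongs in its `permission_callback` as well, so the request is refused before the handler runs. The error string is also left untranslated, unlike the `esc_html__()` messages changed elsewhere in this commit. The function starts and ends outside the hunk.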