From 68f60e3f42db9e95bab3cbbf697aee476e1f3dad Mon Sep 17 00:00:00 2001
From: Nerijus Zaniauskas <nerijus.z@omnisend.com>
Date: Tue, 27 Aug 2024 17:37:12 +0300
Subject: [PATCH 01/11] Remove logging to error log

---
 omnisend/includes/Internal/V1/class-client.php | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/omnisend/includes/Internal/V1/class-client.php b/omnisend/includes/Internal/V1/class-client.php
index d92bf41..364f95d 100644
--- a/omnisend/includes/Internal/V1/class-client.php
+++ b/omnisend/includes/Internal/V1/class-client.php
@@ -66,7 +66,6 @@ public function create_contact( $contact ): CreateContactResponse {
 		);
 
 		if ( is_wp_error( $response ) ) {
-			error_log('wp_remote_post error: ' . $response->get_error_message()); // phpcs:ignore
 			return new CreateContactResponse( '', $response );
 		}
 
@@ -126,7 +125,6 @@ public function save_contact( Contact $contact ): SaveContactResponse {
 		);
 
 		if ( is_wp_error( $response ) ) {
-			error_log( 'wp_remote_post error: ' . $response->get_error_message() ); // phpcs:ignore
 			return new SaveContactResponse( '', $response );
 		}
 
@@ -171,7 +169,6 @@ public function get_contact_by_email( string $email ): GetContactResponse {
 		);
 
 		if ( is_wp_error( $response ) ) {
-			error_log( 'wp_remote_post error: ' . $response->get_error_message() ); // phpcs:ignore
 			return new GetContactResponse( null, $error );
 		}
 
@@ -231,7 +228,6 @@ public function send_customer_event( $event ): SendCustomerEventResponse {
 		);
 
 		if ( is_wp_error( $response ) ) {
-			error_log( 'wp_remote_post error: ' . $response->get_error_message() ); // phpcs:ignore
 			return new SendCustomerEventResponse( $response );
 		}
 

From 8c753f6bbb4d40e375f4d0b1a20267b4cefef39e Mon Sep 17 00:00:00 2001
From: Nerijus Zaniauskas <nerijus.z@omnisend.com>
Date: Wed, 28 Aug 2024 12:06:47 +0300
Subject: [PATCH 02/11] Fix cron schedules not detected issue

---
 omnisend/class-omnisend-core-bootstrap.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/omnisend/class-omnisend-core-bootstrap.php b/omnisend/class-omnisend-core-bootstrap.php
index 6e78bb7..cff9888 100644
--- a/omnisend/class-omnisend-core-bootstrap.php
+++ b/omnisend/class-omnisend-core-bootstrap.php
@@ -50,8 +50,7 @@
 class Omnisend_Core_Bootstrap {
 	public static function load(): void {
 		self::load_react();
-		// phpcs:ignore because linter could not detect internal, but it is fine
-		add_filter('cron_schedules', 'Omnisend_Core_Bootstrap::cron_schedules'); // phpcs:ignore
+		add_filter( 'cron_schedules', array( 'Omnisend_Core_Bootstrap', 'cron_schedules' ) );
 		add_action( 'rest_api_init', 'Omnisend_Core_Bootstrap::omnisend_register_connection_routes' );
 		add_action( 'in_admin_header', 'Omnisend_Core_Bootstrap::hide_notices' );
 

From e37bf03c452a7a15d56a5836fea69153eb64d0e5 Mon Sep 17 00:00:00 2001
From: Nerijus Zaniauskas <nerijus.z@omnisend.com>
Date: Wed, 28 Aug 2024 12:30:51 +0300
Subject: [PATCH 03/11] Fix issues

---
 omnisend/includes/Internal/class-connection.php | 9 ++++-----
 omnisend/includes/Internal/class-sync.php       | 1 +
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/omnisend/includes/Internal/class-connection.php b/omnisend/includes/Internal/class-connection.php
index b6bfa90..c81b99b 100644
--- a/omnisend/includes/Internal/class-connection.php
+++ b/omnisend/includes/Internal/class-connection.php
@@ -41,17 +41,16 @@ public static function display(): void {
 		require_once __DIR__ . '/../../view/landing-page.html';
 	}
 
-	public static function resolve_wordpress_settings() {
+	public static function resolve_wordpress_settings(): void {
 		$url      = 'https://api.omnisend.com/wordpress/settings?version=' . OMNISEND_CORE_PLUGIN_VERSION;
 		$response = wp_remote_get( $url );
 
 		if ( ! is_wp_error( $response ) ) {
 			$body = wp_remote_retrieve_body( $response );
 
-			$data = json_decode( $body );
-			// ignore phpcs warning as it's response from API.
-			if ( ! empty( $data->exploreOmnisendLink ) ) { // phpcs:ignore 
-				self::$landing_page_url = $data->exploreOmnisendLink; // phpcs:ignore 
+			$data = json_decode( $body, true );
+			if ( ! empty( $data['exploreOmnisendLink'] ) ) {
+				self::$landing_page_url = $data['exploreOmnisendLink'];
 			}
 		}
 	}
diff --git a/omnisend/includes/Internal/class-sync.php b/omnisend/includes/Internal/class-sync.php
index fc17684..d3b4059 100644
--- a/omnisend/includes/Internal/class-sync.php
+++ b/omnisend/includes/Internal/class-sync.php
@@ -37,6 +37,7 @@ public static function sync_contacts( int $limit = 100 ): void {
 		$wp_user_query = new \WP_User_Query(
 			array(
 				'number'     => $limit,
+				// meta_query is required to work as sync information is stored in contact metadata.
 				'meta_query' => array( // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query
 					'relation' => 'OR',
 					array(

From efc1612aa7489a1bc3b6e096b9ff8ba1753a6877 Mon Sep 17 00:00:00 2001
From: Nerijus Zaniauskas <nerijus.z@omnisend.com>
Date: Wed, 28 Aug 2024 12:36:08 +0300
Subject: [PATCH 04/11] Code style

---
 omnisend/includes/Internal/class-connection.php | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/omnisend/includes/Internal/class-connection.php b/omnisend/includes/Internal/class-connection.php
index c81b99b..5ed6f9a 100644
--- a/omnisend/includes/Internal/class-connection.php
+++ b/omnisend/includes/Internal/class-connection.php
@@ -243,15 +243,13 @@ public static function omnisend_post_connection() {
 				);
 			}
 
-			if ( ! $connected ) {
-				Options::disconnect(); // Store was not connected, clean up.
-				return rest_ensure_response(
-					array(
-						'success' => false,
-						'error'   => 'The connection didn’t go through. Check if the API key is correct.',
-					)
-				);
-			}
+			Options::disconnect(); // Store was not connected, clean up.
+			return rest_ensure_response(
+				array(
+					'success' => false,
+					'error'   => 'The connection didn’t go through. Check if the API key is correct.',
+				)
+			);
 		}
 
 		return rest_ensure_response(

From b2d9595f2bb25fbc938723bec107fad323602b65 Mon Sep 17 00:00:00 2001
From: Nerijus Zaniauskas <nerijus.z@omnisend.com>
Date: Wed, 28 Aug 2024 12:39:18 +0300
Subject: [PATCH 05/11] Fix grammar

---
 omnisend/includes/Internal/class-connection.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/omnisend/includes/Internal/class-connection.php b/omnisend/includes/Internal/class-connection.php
index 5ed6f9a..8817e22 100644
--- a/omnisend/includes/Internal/class-connection.php
+++ b/omnisend/includes/Internal/class-connection.php
@@ -247,7 +247,7 @@ public static function omnisend_post_connection() {
 			return rest_ensure_response(
 				array(
 					'success' => false,
-					'error'   => 'The connection didn’t go through. Check if the API key is correct.',
+					'error'   => 'The connection did not go through. Check if the API key is correct.',
 				)
 			);
 		}

From cd63c528dc7c2dc94ff30c9dcd5f798e5c3ac6d4 Mon Sep 17 00:00:00 2001
From: Nerijus Zaniauskas <nerijus.z@omnisend.com>
Date: Wed, 28 Aug 2024 12:39:43 +0300
Subject: [PATCH 06/11] Fix grammar

---
 omnisend/includes/Internal/class-connection.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/omnisend/includes/Internal/class-connection.php b/omnisend/includes/Internal/class-connection.php
index 8817e22..3ca2b4e 100644
--- a/omnisend/includes/Internal/class-connection.php
+++ b/omnisend/includes/Internal/class-connection.php
@@ -204,7 +204,7 @@ public static function omnisend_post_connection() {
 				return rest_ensure_response(
 					array(
 						'success' => false,
-						'error'   => 'The connection didn’t go through. Check if the API key is correct.',
+						'error'   => 'The connection did not go through. Check if the API key is correct.',
 					)
 				);
 			}

From bd1159f67b5d570320fc88cf0a0b65e72336d995 Mon Sep 17 00:00:00 2001
From: Nerijus Zaniauskas <nerijus.z@omnisend.com>
Date: Wed, 28 Aug 2024 12:49:04 +0300
Subject: [PATCH 07/11] Change WP contacts sync interval

Change cron interval from 1 minute to 15 minutes
---
 omnisend/class-omnisend-core-bootstrap.php      | 8 ++++----
 omnisend/includes/Internal/class-connection.php | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/omnisend/class-omnisend-core-bootstrap.php b/omnisend/class-omnisend-core-bootstrap.php
index cff9888..1b96fd1 100644
--- a/omnisend/class-omnisend-core-bootstrap.php
+++ b/omnisend/class-omnisend-core-bootstrap.php
@@ -28,7 +28,7 @@
 const OMNISEND_CORE_PLUGIN_NAME    = 'Email Marketing by Omnisend';
 const OMNISEND_MENU_TITLE          = 'Omnisend Email Marketing';
 
-const OMNISEND_CORE_CRON_SCHEDULE_EVERY_MINUTE = 'omni_send_core_every_minute';
+const OMNISEND_CORE_CRON_SCHEDULE_EVERY_15_MINUTES = 'omni_send_core_every_15_minutes';
 
 const OMNISEND_CORE_CRON_SYNC_CONTACT = 'omni_send_cron_sync_contacts';
 
@@ -146,9 +146,9 @@ public static function add_links_in_plugin_settings( $actions ) {
 	}
 
 	public static function cron_schedules( $schedules ) {
-		$schedules[ OMNISEND_CORE_CRON_SCHEDULE_EVERY_MINUTE ] = array(
-			'interval' => 60,
-			'display'  => __( 'Every minute', 'omnisend' ),
+		$schedules[ OMNISEND_CORE_CRON_SCHEDULE_EVERY_15_MINUTES ] = array(
+			'interval' => 60 * 15,
+			'display'  => __( 'Every 15 minutes', 'omnisend' ),
 		);
 
 		return $schedules;
diff --git a/omnisend/includes/Internal/class-connection.php b/omnisend/includes/Internal/class-connection.php
index 3ca2b4e..efb6904 100644
--- a/omnisend/includes/Internal/class-connection.php
+++ b/omnisend/includes/Internal/class-connection.php
@@ -233,7 +233,7 @@ public static function omnisend_post_connection() {
 				Options::set_store_connected();
 
 				if ( ! wp_next_scheduled( OMNISEND_CORE_CRON_SYNC_CONTACT ) && ! Omnisend_Core_Bootstrap::is_omnisend_woocommerce_plugin_connected() ) {
-					wp_schedule_event( time(), OMNISEND_CORE_CRON_SCHEDULE_EVERY_MINUTE, OMNISEND_CORE_CRON_SYNC_CONTACT );
+					wp_schedule_event( time(), OMNISEND_CORE_CRON_SCHEDULE_EVERY_15_MINUTES, OMNISEND_CORE_CRON_SYNC_CONTACT );
 				}
 				return rest_ensure_response(
 					array(

From ecf01454f098adb89a95602a84eb9f0e630d168d Mon Sep 17 00:00:00 2001
From: Nerijus Zaniauskas <nerijus.z@omnisend.com>
Date: Wed, 28 Aug 2024 12:54:55 +0300
Subject: [PATCH 08/11] Revert "Change WP contacts sync interval"

This reverts commit bd1159f67b5d570320fc88cf0a0b65e72336d995.
---
 omnisend/class-omnisend-core-bootstrap.php      | 8 ++++----
 omnisend/includes/Internal/class-connection.php | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/omnisend/class-omnisend-core-bootstrap.php b/omnisend/class-omnisend-core-bootstrap.php
index 1b96fd1..cff9888 100644
--- a/omnisend/class-omnisend-core-bootstrap.php
+++ b/omnisend/class-omnisend-core-bootstrap.php
@@ -28,7 +28,7 @@
 const OMNISEND_CORE_PLUGIN_NAME    = 'Email Marketing by Omnisend';
 const OMNISEND_MENU_TITLE          = 'Omnisend Email Marketing';
 
-const OMNISEND_CORE_CRON_SCHEDULE_EVERY_15_MINUTES = 'omni_send_core_every_15_minutes';
+const OMNISEND_CORE_CRON_SCHEDULE_EVERY_MINUTE = 'omni_send_core_every_minute';
 
 const OMNISEND_CORE_CRON_SYNC_CONTACT = 'omni_send_cron_sync_contacts';
 
@@ -146,9 +146,9 @@ public static function add_links_in_plugin_settings( $actions ) {
 	}
 
 	public static function cron_schedules( $schedules ) {
-		$schedules[ OMNISEND_CORE_CRON_SCHEDULE_EVERY_15_MINUTES ] = array(
-			'interval' => 60 * 15,
-			'display'  => __( 'Every 15 minutes', 'omnisend' ),
+		$schedules[ OMNISEND_CORE_CRON_SCHEDULE_EVERY_MINUTE ] = array(
+			'interval' => 60,
+			'display'  => __( 'Every minute', 'omnisend' ),
 		);
 
 		return $schedules;
diff --git a/omnisend/includes/Internal/class-connection.php b/omnisend/includes/Internal/class-connection.php
index efb6904..3ca2b4e 100644
--- a/omnisend/includes/Internal/class-connection.php
+++ b/omnisend/includes/Internal/class-connection.php
@@ -233,7 +233,7 @@ public static function omnisend_post_connection() {
 				Options::set_store_connected();
 
 				if ( ! wp_next_scheduled( OMNISEND_CORE_CRON_SYNC_CONTACT ) && ! Omnisend_Core_Bootstrap::is_omnisend_woocommerce_plugin_connected() ) {
-					wp_schedule_event( time(), OMNISEND_CORE_CRON_SCHEDULE_EVERY_15_MINUTES, OMNISEND_CORE_CRON_SYNC_CONTACT );
+					wp_schedule_event( time(), OMNISEND_CORE_CRON_SCHEDULE_EVERY_MINUTE, OMNISEND_CORE_CRON_SYNC_CONTACT );
 				}
 				return rest_ensure_response(
 					array(

From 3c2601617cce1dde9473ec88cee98027f2514e6d Mon Sep 17 00:00:00 2001
From: Nerijus Zaniauskas <nerijus.z@omnisend.com>
Date: Wed, 28 Aug 2024 12:58:41 +0300
Subject: [PATCH 09/11] Add comment

---
 omnisend/class-omnisend-core-bootstrap.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/omnisend/class-omnisend-core-bootstrap.php b/omnisend/class-omnisend-core-bootstrap.php
index cff9888..75a1331 100644
--- a/omnisend/class-omnisend-core-bootstrap.php
+++ b/omnisend/class-omnisend-core-bootstrap.php
@@ -50,7 +50,8 @@
 class Omnisend_Core_Bootstrap {
 	public static function load(): void {
 		self::load_react();
-		add_filter( 'cron_schedules', array( 'Omnisend_Core_Bootstrap', 'cron_schedules' ) );
+        // we enable cron every minute only for short period of time (after connection) to sync WP users to Omnisend after sync cron is disabled
+		add_filter( 'cron_schedules', array( 'Omnisend_Core_Bootstrap', 'cron_schedules' ) ); //phpcs:ignore WordPress.WP.CronInterval.CronSchedulesInterval
 		add_action( 'rest_api_init', 'Omnisend_Core_Bootstrap::omnisend_register_connection_routes' );
 		add_action( 'in_admin_header', 'Omnisend_Core_Bootstrap::hide_notices' );
 

From 85b19ab08ea7780884aca6dc2827c822ec72c82f Mon Sep 17 00:00:00 2001
From: Nerijus Zaniauskas <nerijus.z@omnisend.com>
Date: Wed, 28 Aug 2024 14:46:24 +0300
Subject: [PATCH 10/11] Update README.md

---
 README.md                                  | 8 ++++----
 omnisend/class-omnisend-core-bootstrap.php | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index c35f8db..7579afe 100644
--- a/README.md
+++ b/README.md
@@ -85,7 +85,7 @@ Here is how you can get Contact information.
 
 ```php
 $client = \Omnisend\SDK\V1\Omnisend::get_client( 'integration name', 'integration version' );
-$response = $this->client->get_contact_by_email( $user_email );
+$response = $client->get_contact_by_email( $user_email );
 $email_consent_status = $response->get_contact()->get_email_status();
 $phone_number = $response->get_contact()->get_phone();
 ```
@@ -117,7 +117,7 @@ You can send contact identifiers and if contact exists, then event will be attri
 If data provided is invalid or contact creation fails, then
 
 ```php
-$response = $client->create_contact($contact)
+$response = $client->create_contact( $contact )
 ```
 
 Will return `CreateContactResponse`. Depending on your integration logic you should handle the error i.e
@@ -132,14 +132,14 @@ Will return `CreateContactResponse`. Depending on your integration logic you sho
 If data provided is invalid or sending customer event fails, then
 
 ```php
-$response = $client->send_customer_event($event);
+$response = $client->send_customer_event( $event );
 ```
 
 Will return `SendCustomerEventResponse`. Depending on your integration logic you should handle the error i.e
 
 ```php
     if ( $response->get_wp_error()->has_errors() ) {
-        error_log( 'Error in after_submission: ' . $response->get_wp_error()->get_error_message());
+        error_log( 'Error in after_submission: ' . $response->get_wp_error()->get_error_message() );
         return;
     }
 ```
diff --git a/omnisend/class-omnisend-core-bootstrap.php b/omnisend/class-omnisend-core-bootstrap.php
index 75a1331..edc10af 100644
--- a/omnisend/class-omnisend-core-bootstrap.php
+++ b/omnisend/class-omnisend-core-bootstrap.php
@@ -50,7 +50,7 @@
 class Omnisend_Core_Bootstrap {
 	public static function load(): void {
 		self::load_react();
-        // we enable cron every minute only for short period of time (after connection) to sync WP users to Omnisend after sync cron is disabled
+		// Cron every minute only for short period of time (after connection) to sync WP users to Omnisend. After sync cron is disabled.
 		add_filter( 'cron_schedules', array( 'Omnisend_Core_Bootstrap', 'cron_schedules' ) ); //phpcs:ignore WordPress.WP.CronInterval.CronSchedulesInterval
 		add_action( 'rest_api_init', 'Omnisend_Core_Bootstrap::omnisend_register_connection_routes' );
 		add_action( 'in_admin_header', 'Omnisend_Core_Bootstrap::hide_notices' );

From ed75471a49852bd5c0fca675e803152da6408901 Mon Sep 17 00:00:00 2001
From: Nerijus Zaniauskas <nerijus.z@omnisend.com>
Date: Wed, 28 Aug 2024 15:45:57 +0300
Subject: [PATCH 11/11] Add nonce verification to connection form page

---
 omnisend/includes/Internal/class-connection.php |  5 +++--
 omnisend/view/landing-page.html                 | 11 +++++++----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/omnisend/includes/Internal/class-connection.php b/omnisend/includes/Internal/class-connection.php
index 3ca2b4e..0a8298f 100644
--- a/omnisend/includes/Internal/class-connection.php
+++ b/omnisend/includes/Internal/class-connection.php
@@ -82,7 +82,6 @@ private static function get_account_data( $api_key ): array {
 		return is_array( $arr ) ? $arr : array();
 	}
 
-
 	public static function show_connected_store_view(): bool {
 		return Options::is_store_connected();
 	}
@@ -90,8 +89,10 @@ public static function show_connected_store_view(): bool {
 	public static function show_connection_view(): bool {
 		$connected = Options::is_store_connected();
 
-		// phpcs:disable WordPress.Security.NonceVerification
 		if ( ! $connected && ! empty( $_GET['action'] ) && 'show_connection_form' == $_GET['action'] ) {
+			if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ?? '' ) ), 'show_connection_form' ) ) {
+				die( 'nonce verification failed: ' . __FILE__ . ':' . __LINE__ );
+			}
 			return true;
 		}
 
diff --git a/omnisend/view/landing-page.html b/omnisend/view/landing-page.html
index b3db788..60e059c 100644
--- a/omnisend/view/landing-page.html
+++ b/omnisend/view/landing-page.html
@@ -1,4 +1,7 @@
-<?php use Omnisend\Internal\Connection; ?>
+<?php
+    use Omnisend\Internal\Connection;
+    $nonce = wp_create_nonce( 'show_connection_form' );
+?>
 
 <div class="omnisend-landing-page-header">
     <div class="omnisend-landing-header-container">
@@ -17,9 +20,9 @@
                 <a class="omnisend-button-primary" href="<?php echo Omnisend\Internal\Connection::$landing_page_url;?>" target="_blank">
                     Explore Omnisend
                 </a>
-                <a class="omnisend-button" href="admin.php?page=omnisend&action=show_connection_form"> Connect Omnisend </a>
+                <a class="omnisend-button" href="admin.php?page=omnisend&action=show_connection_form&_wpnonce=<?php echo $nonce; ?>"> Connect Omnisend </a>
                 <?php else: ?>
-                <a class="omnisend-button-primary" href="admin.php?page=omnisend&action=show_connection_form"> Connect Omnisend </a>
+                <a class="omnisend-button-primary" href="admin.php?page=omnisend&action=show_connection_form&_wpnonce=<?php echo $nonce; ?>"> Connect Omnisend </a>
                 <?php endif; ?>
             </div>
         </div>
@@ -97,7 +100,7 @@
                     <a class="omnisend-button-green" href="<?php echo Omnisend\Internal\Connection::$landing_page_url;?>" target="_blank">
                         Explore Omnisend
                     </a>
-                    <a class="omnisend-button-white" href="admin.php?page=omnisend&action=show_connection_form"> Connect Omnisend </a>
+                    <a class="omnisend-button-white" href="admin.php?page=omnisend&action=show_connection_form&_wpnonce=<?php echo $nonce; ?>"> Connect Omnisend </a>
                 </div>
             </div>
         </div>