omnisend · nerijuszaniauskas · Aug 29, 2024 · Aug 27, 2024 · Aug 28, 2024 · Aug 28, 2024
@@ -85,7 +85,7 @@ Here is how you can get Contact information.
 
 ```php
 $client = \Omnisend\SDK\V1\Omnisend::get_client( 'integration name', 'integration version' );
-$response = $this->client->get_contact_by_email( $user_email );
+$response = $client->get_contact_by_email( $user_email );
 $email_consent_status = $response->get_contact()->get_email_status();
 $phone_number = $response->get_contact()->get_phone();
 ```
@@ -117,7 +117,7 @@ You can send contact identifiers and if contact exists, then event will be attri
 If data provided is invalid or contact creation fails, then
 
 ```php
-$response = $client->create_contact($contact)
+$response = $client->create_contact( $contact )
 ```
 
 Will return `CreateContactResponse`. Depending on your integration logic you should handle the error i.e
@@ -132,14 +132,14 @@ Will return `CreateContactResponse`. Depending on your integration logic you sho
 If data provided is invalid or sending customer event fails, then
 
 ```php
-$response = $client->send_customer_event($event);
+$response = $client->send_customer_event( $event );
 ```
 
 Will return `SendCustomerEventResponse`. Depending on your integration logic you should handle the error i.e
 
 ```php
     if ( $response->get_wp_error()->has_errors() ) {
-        error_log( 'Error in after_submission: ' . $response->get_wp_error()->get_error_message());
+        error_log( 'Error in after_submission: ' . $response->get_wp_error()->get_error_message() );
         return;
     }
 ```

@@ -50,8 +50,8 @@
 class Omnisend_Core_Bootstrap {
 	public static function load(): void {
 		self::load_react();
-		// phpcs:ignore because linter could not detect internal, but it is fine
-		add_filter('cron_schedules', 'Omnisend_Core_Bootstrap::cron_schedules'); // phpcs:ignore
+		// Cron every minute only for short period of time (after connection) to sync WP users to Omnisend. After sync cron is disabled.
+		add_filter( 'cron_schedules', array( 'Omnisend_Core_Bootstrap', 'cron_schedules' ) ); //phpcs:ignore WordPress.WP.CronInterval.CronSchedulesInterval
 		add_action( 'rest_api_init', 'Omnisend_Core_Bootstrap::omnisend_register_connection_routes' );
 		add_action( 'in_admin_header', 'Omnisend_Core_Bootstrap::hide_notices' );
 

@@ -66,7 +66,6 @@ public function create_contact( $contact ): CreateContactResponse {
 		);
 
 		if ( is_wp_error( $response ) ) {
-			error_log('wp_remote_post error: ' . $response->get_error_message()); // phpcs:ignore
 			return new CreateContactResponse( '', $response );
 		}
 
@@ -126,7 +125,6 @@ public function save_contact( Contact $contact ): SaveContactResponse {
 		);
 
 		if ( is_wp_error( $response ) ) {
-			error_log( 'wp_remote_post error: ' . $response->get_error_message() ); // phpcs:ignore
 			return new SaveContactResponse( '', $response );
 		}
 
@@ -171,7 +169,6 @@ public function get_contact_by_email( string $email ): GetContactResponse {
 		);
 
 		if ( is_wp_error( $response ) ) {
-			error_log( 'wp_remote_post error: ' . $response->get_error_message() ); // phpcs:ignore
 			return new GetContactResponse( null, $error );
 		}
 
@@ -231,7 +228,6 @@ public function send_customer_event( $event ): SendCustomerEventResponse {
 		);
 
 		if ( is_wp_error( $response ) ) {
-			error_log( 'wp_remote_post error: ' . $response->get_error_message() ); // phpcs:ignore
 			return new SendCustomerEventResponse( $response );
 		}
 

@@ -41,17 +41,16 @@ public static function display(): void {
 		require_once __DIR__ . '/../../view/landing-page.html';
 	}
 
-	public static function resolve_wordpress_settings() {
+	public static function resolve_wordpress_settings(): void {
 		$url      = 'https://api.omnisend.com/wordpress/settings?version=' . OMNISEND_CORE_PLUGIN_VERSION;
 		$response = wp_remote_get( $url );
 
 		if ( ! is_wp_error( $response ) ) {
 			$body = wp_remote_retrieve_body( $response );
 
-			$data = json_decode( $body );
-			// ignore phpcs warning as it's response from API.
-			if ( ! empty( $data->exploreOmnisendLink ) ) { // phpcs:ignore 
-				self::$landing_page_url = $data->exploreOmnisendLink; // phpcs:ignore 
+			$data = json_decode( $body, true );
+			if ( ! empty( $data['exploreOmnisendLink'] ) ) {
+				self::$landing_page_url = $data['exploreOmnisendLink'];
 			}
 		}
 	}
@@ -83,16 +82,17 @@ private static function get_account_data( $api_key ): array {
 		return is_array( $arr ) ? $arr : array();
 	}
 
-
 	public static function show_connected_store_view(): bool {
 		return Options::is_store_connected();
 	}
 
 	public static function show_connection_view(): bool {
 		$connected = Options::is_store_connected();
 
-		// phpcs:disable WordPress.Security.NonceVerification
 		if ( ! $connected && ! empty( $_GET['action'] ) && 'show_connection_form' == $_GET['action'] ) {
+			if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ?? '' ) ), 'show_connection_form' ) ) {
+				die( 'nonce verification failed: ' . __FILE__ . ':' . __LINE__ );
+			}
 			return true;
 		}
 
@@ -205,7 +205,7 @@ public static function omnisend_post_connection() {
 				return rest_ensure_response(
 					array(
 						'success' => false,
-						'error'   => 'The connection didn’t go through. Check if the API key is correct.',
+						'error'   => 'The connection did not go through. Check if the API key is correct.',
 					)
 				);
 			}
@@ -244,15 +244,13 @@ public static function omnisend_post_connection() {
 				);
 			}
 
-			if ( ! $connected ) {
-				Options::disconnect(); // Store was not connected, clean up.
-				return rest_ensure_response(
-					array(
-						'success' => false,
-						'error'   => 'The connection didn’t go through. Check if the API key is correct.',
-					)
-				);
-			}
+			Options::disconnect(); // Store was not connected, clean up.
+			return rest_ensure_response(
+				array(
+					'success' => false,
+					'error'   => 'The connection did not go through. Check if the API key is correct.',
+				)
+			);
 		}
 
 		return rest_ensure_response(

@@ -37,6 +37,7 @@ public static function sync_contacts( int $limit = 100 ): void {
 		$wp_user_query = new \WP_User_Query(
 			array(
 				'number'     => $limit,
+				// meta_query is required to work as sync information is stored in contact metadata.
 				'meta_query' => array( // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query
 					'relation' => 'OR',
 					array(

@@ -1,4 +1,7 @@
-<?php use Omnisend\Internal\Connection; ?>
+<?php
+    use Omnisend\Internal\Connection;
+    $nonce = wp_create_nonce( 'show_connection_form' );
+?>
 
 <div class="omnisend-landing-page-header">
     <div class="omnisend-landing-header-container">
@@ -17,9 +20,9 @@
                 <a class="omnisend-button-primary" href="<?php echo Omnisend\Internal\Connection::$landing_page_url;?>" target="_blank">
                     Explore Omnisend
                 </a>
-                <a class="omnisend-button" href="admin.php?page=omnisend&action=show_connection_form"> Connect Omnisend </a>
+                <a class="omnisend-button" href="admin.php?page=omnisend&action=show_connection_form&_wpnonce=<?php echo $nonce; ?>"> Connect Omnisend </a>
                 <?php else: ?>
-                <a class="omnisend-button-primary" href="admin.php?page=omnisend&action=show_connection_form"> Connect Omnisend </a>
+                <a class="omnisend-button-primary" href="admin.php?page=omnisend&action=show_connection_form&_wpnonce=<?php echo $nonce; ?>"> Connect Omnisend </a>
                 <?php endif; ?>
             </div>
         </div>
@@ -97,7 +100,7 @@
                     <a class="omnisend-button-green" href="<?php echo Omnisend\Internal\Connection::$landing_page_url;?>" target="_blank">
                         Explore Omnisend
                     </a>
-                    <a class="omnisend-button-white" href="admin.php?page=omnisend&action=show_connection_form"> Connect Omnisend </a>
+                    <a class="omnisend-button-white" href="admin.php?page=omnisend&action=show_connection_form&_wpnonce=<?php echo $nonce; ?>"> Connect Omnisend </a>
                 </div>
             </div>
         </div>