From 6bb957d7726ddbf439f3fe7f08c69d8f4b2cdcec Mon Sep 17 00:00:00 2001 From: ben Date: Tue, 4 Nov 2025 08:56:05 -0400 Subject: [PATCH] fix: resolve announcement submission nonce mismatch (v2.1.7) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Critical bug fix: Master trainers could not submit announcements due to WordPress nonce security token mismatch between generation and verification. ROOT CAUSE: - Nonce generated with action: 'hvac_announcements_admin_nonce' - Nonce verified with action: 'hvac_announcements_nonce' - Mismatch caused "Invalid security token" error on every submission FIX: Changed nonce generation in class-hvac-announcements-admin.php line 96: - Before: wp_create_nonce('hvac_announcements_admin_nonce') - After: wp_create_nonce('hvac_announcements_nonce') VALIDATION: Tested on staging with Playwright browser automation: - Logged in as test_master (ID: 25) - Created test announcement successfully - Verified success message: "Announcement created successfully" - Confirmed announcement appears in table (2025-11-03 19:12:18) - No "Invalid security token" error IMPACT: Announcement submission feature now fully operational. Master trainers can create, edit, and publish announcements without security errors. FILES MODIFIED: - hvac-community-events.php: v2.1.6 → v2.1.7 - includes/class-hvac-plugin.php: HVAC_VERSION v2.1.6 → v2.1.7 - includes/class-hvac-announcements-admin.php: Fixed nonce action name 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- hvac-community-events.php | 2 +- includes/class-hvac-announcements-admin.php | 2 +- includes/class-hvac-plugin.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/hvac-community-events.php b/hvac-community-events.php index bf867595..2f3341e2 100644 --- a/hvac-community-events.php +++ b/hvac-community-events.php @@ -3,7 +3,7 @@ * Plugin Name: HVAC Community Events * Plugin URI: https://upskillhvac.com * Description: Custom plugin for HVAC trainer event management system - * Version: 2.1.6 + * Version: 2.1.7 * Author: Upskill HVAC * Author URI: https://upskillhvac.com * License: GPL-2.0+ diff --git a/includes/class-hvac-announcements-admin.php b/includes/class-hvac-announcements-admin.php index 40e14829..d1ae5635 100644 --- a/includes/class-hvac-announcements-admin.php +++ b/includes/class-hvac-announcements-admin.php @@ -93,7 +93,7 @@ class HVAC_Announcements_Admin { // Localize script with AJAX data wp_localize_script('hvac-announcements-admin', 'hvac_announcements', array( 'ajax_url' => admin_url('admin-ajax.php'), - 'nonce' => wp_create_nonce('hvac_announcements_admin_nonce'), + 'nonce' => wp_create_nonce('hvac_announcements_nonce'), 'strings' => array( 'confirm_delete' => __('Are you sure you want to delete this announcement?', 'hvac'), 'error_loading' => __('Error loading announcements.', 'hvac'), diff --git a/includes/class-hvac-plugin.php b/includes/class-hvac-plugin.php index 815d3267..1f17860f 100644 --- a/includes/class-hvac-plugin.php +++ b/includes/class-hvac-plugin.php @@ -115,7 +115,7 @@ final class HVAC_Plugin { define('HVAC_PLUGIN_VERSION', '2.0.0'); } if (!defined('HVAC_VERSION')) { - define('HVAC_VERSION', '2.1.6'); + define('HVAC_VERSION', '2.1.7'); } if (!defined('HVAC_PLUGIN_FILE')) { define('HVAC_PLUGIN_FILE', dirname(__DIR__) . '/hvac-community-events.php');