fix: resolve announcement submission nonce mismatch (v2.1.7)
Some checks failed
HVAC Plugin CI/CD Pipeline / Code Quality & Standards (push) Has been cancelled
HVAC Plugin CI/CD Pipeline / Security Analysis (push) Has been cancelled
HVAC Plugin CI/CD Pipeline / Unit Tests (push) Has been cancelled
HVAC Plugin CI/CD Pipeline / Integration Tests (push) Has been cancelled
Security Monitoring & Compliance / Dependency Vulnerability Scan (push) Has been cancelled
Security Monitoring & Compliance / Secrets & Credential Scan (push) Has been cancelled
Security Monitoring & Compliance / WordPress Security Analysis (push) Has been cancelled
Security Monitoring & Compliance / Static Code Security Analysis (push) Has been cancelled
Security Monitoring & Compliance / Security Compliance Validation (push) Has been cancelled
HVAC Plugin CI/CD Pipeline / Deploy to Staging (push) Has been cancelled
HVAC Plugin CI/CD Pipeline / Deploy to Production (push) Has been cancelled
HVAC Plugin CI/CD Pipeline / Notification (push) Has been cancelled
Security Monitoring & Compliance / Security Summary Report (push) Has been cancelled
Security Monitoring & Compliance / Security Team Notification (push) Has been cancelled
Some checks failed
HVAC Plugin CI/CD Pipeline / Code Quality & Standards (push) Has been cancelled
HVAC Plugin CI/CD Pipeline / Security Analysis (push) Has been cancelled
HVAC Plugin CI/CD Pipeline / Unit Tests (push) Has been cancelled
HVAC Plugin CI/CD Pipeline / Integration Tests (push) Has been cancelled
Security Monitoring & Compliance / Dependency Vulnerability Scan (push) Has been cancelled
Security Monitoring & Compliance / Secrets & Credential Scan (push) Has been cancelled
Security Monitoring & Compliance / WordPress Security Analysis (push) Has been cancelled
Security Monitoring & Compliance / Static Code Security Analysis (push) Has been cancelled
Security Monitoring & Compliance / Security Compliance Validation (push) Has been cancelled
HVAC Plugin CI/CD Pipeline / Deploy to Staging (push) Has been cancelled
HVAC Plugin CI/CD Pipeline / Deploy to Production (push) Has been cancelled
HVAC Plugin CI/CD Pipeline / Notification (push) Has been cancelled
Security Monitoring & Compliance / Security Summary Report (push) Has been cancelled
Security Monitoring & Compliance / Security Team Notification (push) Has been cancelled
Critical bug fix: Master trainers could not submit announcements due to
WordPress nonce security token mismatch between generation and verification.
ROOT CAUSE:
- Nonce generated with action: 'hvac_announcements_admin_nonce'
- Nonce verified with action: 'hvac_announcements_nonce'
- Mismatch caused "Invalid security token" error on every submission
FIX:
Changed nonce generation in class-hvac-announcements-admin.php line 96:
- Before: wp_create_nonce('hvac_announcements_admin_nonce')
- After: wp_create_nonce('hvac_announcements_nonce')
VALIDATION:
Tested on staging with Playwright browser automation:
- Logged in as test_master (ID: 25)
- Created test announcement successfully
- Verified success message: "Announcement created successfully"
- Confirmed announcement appears in table (2025-11-03 19:12:18)
- No "Invalid security token" error
IMPACT:
Announcement submission feature now fully operational. Master trainers
can create, edit, and publish announcements without security errors.
FILES MODIFIED:
- hvac-community-events.php: v2.1.6 → v2.1.7
- includes/class-hvac-plugin.php: HVAC_VERSION v2.1.6 → v2.1.7
- includes/class-hvac-announcements-admin.php: Fixed nonce action name
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
parent
f92ea45286
commit
6bb957d772
3 changed files with 3 additions and 3 deletions
|
|
@ -3,7 +3,7 @@
|
||||||
* Plugin Name: HVAC Community Events
|
* Plugin Name: HVAC Community Events
|
||||||
* Plugin URI: https://upskillhvac.com
|
* Plugin URI: https://upskillhvac.com
|
||||||
* Description: Custom plugin for HVAC trainer event management system
|
* Description: Custom plugin for HVAC trainer event management system
|
||||||
* Version: 2.1.6
|
* Version: 2.1.7
|
||||||
* Author: Upskill HVAC
|
* Author: Upskill HVAC
|
||||||
* Author URI: https://upskillhvac.com
|
* Author URI: https://upskillhvac.com
|
||||||
* License: GPL-2.0+
|
* License: GPL-2.0+
|
||||||
|
|
|
||||||
|
|
@ -93,7 +93,7 @@ class HVAC_Announcements_Admin {
|
||||||
// Localize script with AJAX data
|
// Localize script with AJAX data
|
||||||
wp_localize_script('hvac-announcements-admin', 'hvac_announcements', array(
|
wp_localize_script('hvac-announcements-admin', 'hvac_announcements', array(
|
||||||
'ajax_url' => admin_url('admin-ajax.php'),
|
'ajax_url' => admin_url('admin-ajax.php'),
|
||||||
'nonce' => wp_create_nonce('hvac_announcements_admin_nonce'),
|
'nonce' => wp_create_nonce('hvac_announcements_nonce'),
|
||||||
'strings' => array(
|
'strings' => array(
|
||||||
'confirm_delete' => __('Are you sure you want to delete this announcement?', 'hvac'),
|
'confirm_delete' => __('Are you sure you want to delete this announcement?', 'hvac'),
|
||||||
'error_loading' => __('Error loading announcements.', 'hvac'),
|
'error_loading' => __('Error loading announcements.', 'hvac'),
|
||||||
|
|
|
||||||
|
|
@ -115,7 +115,7 @@ final class HVAC_Plugin {
|
||||||
define('HVAC_PLUGIN_VERSION', '2.0.0');
|
define('HVAC_PLUGIN_VERSION', '2.0.0');
|
||||||
}
|
}
|
||||||
if (!defined('HVAC_VERSION')) {
|
if (!defined('HVAC_VERSION')) {
|
||||||
define('HVAC_VERSION', '2.1.6');
|
define('HVAC_VERSION', '2.1.7');
|
||||||
}
|
}
|
||||||
if (!defined('HVAC_PLUGIN_FILE')) {
|
if (!defined('HVAC_PLUGIN_FILE')) {
|
||||||
define('HVAC_PLUGIN_FILE', dirname(__DIR__) . '/hvac-community-events.php');
|
define('HVAC_PLUGIN_FILE', dirname(__DIR__) . '/hvac-community-events.php');
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue