ben/upskill-event-manager
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
upskill-event-manager/hvac-community-events.php
ben 6bb957d772
Some checks failed
HVAC Plugin CI/CD Pipeline / Code Quality & Standards (push) Has been cancelled
Details
HVAC Plugin CI/CD Pipeline / Security Analysis (push) Has been cancelled
Details
HVAC Plugin CI/CD Pipeline / Unit Tests (push) Has been cancelled
Details
HVAC Plugin CI/CD Pipeline / Integration Tests (push) Has been cancelled
Details
Security Monitoring & Compliance / Dependency Vulnerability Scan (push) Has been cancelled
Details
Security Monitoring & Compliance / Secrets & Credential Scan (push) Has been cancelled
Details
Security Monitoring & Compliance / WordPress Security Analysis (push) Has been cancelled
Details
Security Monitoring & Compliance / Static Code Security Analysis (push) Has been cancelled
Details
Security Monitoring & Compliance / Security Compliance Validation (push) Has been cancelled
Details
HVAC Plugin CI/CD Pipeline / Deploy to Staging (push) Has been cancelled
Details
HVAC Plugin CI/CD Pipeline / Deploy to Production (push) Has been cancelled
Details
HVAC Plugin CI/CD Pipeline / Notification (push) Has been cancelled
Details
Security Monitoring & Compliance / Security Summary Report (push) Has been cancelled
Details
Security Monitoring & Compliance / Security Team Notification (push) Has been cancelled
Details
fix: resolve announcement submission nonce mismatch (v2.1.7) 
Critical bug fix: Master trainers could not submit announcements due to
WordPress nonce security token mismatch between generation and verification.

ROOT CAUSE:
- Nonce generated with action: 'hvac_announcements_admin_nonce'
- Nonce verified with action: 'hvac_announcements_nonce'
- Mismatch caused "Invalid security token" error on every submission

FIX:
Changed nonce generation in class-hvac-announcements-admin.php line 96:
- Before: wp_create_nonce('hvac_announcements_admin_nonce')
- After: wp_create_nonce('hvac_announcements_nonce')

VALIDATION:
Tested on staging with Playwright browser automation:
- Logged in as test_master (ID: 25)
- Created test announcement successfully
- Verified success message: "Announcement created successfully"
- Confirmed announcement appears in table (2025-11-03 19:12:18)
- No "Invalid security token" error

IMPACT:
Announcement submission feature now fully operational. Master trainers
can create, edit, and publish announcements without security errors.

FILES MODIFIED:
- hvac-community-events.php: v2.1.6 → v2.1.7
- includes/class-hvac-plugin.php: HVAC_VERSION v2.1.6 → v2.1.7
- includes/class-hvac-announcements-admin.php: Fixed nonce action name

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-04 08:56:05 -04:00

33 lines
No EOL
744 B
PHP
Raw Blame History

<?php
/**
* Plugin Name: HVAC Community Events
* Plugin URI: https://upskillhvac.com
* Description: Custom plugin for HVAC trainer event management system
* Version: 2.1.7
* Author: Upskill HVAC
* Author URI: https://upskillhvac.com
* License: GPL-2.0+
* License URI: http://www.gnu.org/licenses/gpl-2.0.txt
* Text Domain: hvac-community-events
* Domain Path: /languages
*/
// Exit if accessed directly
if (!defined('ABSPATH')) {
exit;
}
// Load the main plugin class
require_once plugin_dir_path(__FILE__) . 'includes/class-hvac-plugin.php';
/**
* Initialize the plugin
*
* @return HVAC_Plugin
*/
function hvac_community_events() {
return HVAC_Plugin::instance();
}
// Initialize the plugin
hvac_community_events();
Reference in a new issue View git blame Copy permalink