Forum Replies Created

Viewing 1 replies (of 1 total)
  • martinsac

    (@martinsac)

    I have had this issue for more than 7 months now.

    Thanks @rmpel, I did some digging and noticed the nonce is not set properly.
    I assume the call in templates/admin/resume.php setting the nonce is not made in the proper order?
    Following this guide (https://developer.ww.wp.xz.cn/news/2023/08/understand-and-use-wordpress-nonces-properly/), the init function must have been called first, which I assume is not the case because the nonce is empty. However, the nonce for the WordPress API is set in a callback (in class.resume-builder-admin-enqueues.php) and this apparently works.

    There are different ways to address this, for example by adding the required nonce (rb_edit_resumes_nonce) to a global variable and retrieving it in main.js from this variable instead of this.opts. However, I compared version 3.2 with 3.1.1 and noticed the check

    $_POST['rb_edit_resumes_nonce'] ) && wp_verify_nonce( sanitize_key( $_POST['rb_edit_resumes_nonce'] ), 'rb_edit_resumes' )

    was only added in the latest version to “class.resume-builder-core.php”, so I simply removed it (pay attention not to mess up the braces when you want to do this).

    It's not pretty, but it works, and I don’t think the nonce adds a lot to the security, as no permissions are checked anyways.

    Edit: I actually signed up just to post this. And the pineapple on pizza thing is really not funny, I had to create an additional account because of it.

    Another Edit: It would probably make much more sense to use the settings field as mentioned in the article. https://developer.ww.wp.xz.cn/reference/functions/settings_fields/

    • This reply was modified 3 months ago by martinsac.
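
Added example, not part of the reply above and not the Resume Builder plugin's own code: one way to create the rb_edit_resumes nonce inside an enqueue callback, hand it to main.js, and verify it on the server together with a capability check. The script handle, JS object name, AJAX action name, script path and capability used here are assumptions.

```php
<?php
// Added example; not the Resume Builder plugin's code.
// Assumed names: handle 'rb-admin-main', JS object 'rbAdminData',
// AJAX action 'rb_save_resume', capability 'edit_posts',
// script path 'assets/js/main.js'.

// Create the nonce inside a hook callback, so it runs after WordPress has
// loaded the current user (nonces are bound to the user and session).
add_action( 'admin_enqueue_scripts', function () {
    wp_enqueue_script(
        'rb-admin-main',
        plugins_url( 'assets/js/main.js', __FILE__ ),
        array( 'jquery' ),
        '1.0.0',
        true
    );
    // Exposes window.rbAdminData.nonce to main.js.
    wp_localize_script( 'rb-admin-main', 'rbAdminData', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'rb_edit_resumes' ),
    ) );
} );

// main.js sends the value back as the POST field rb_edit_resumes_nonce.
add_action( 'wp_ajax_rb_save_resume', function () {
    // Nonce check: ties the request to this user and action (CSRF protection).
    // With $stop = false the function returns false instead of dying.
    if ( ! check_ajax_referer( 'rb_edit_resumes', 'rb_edit_resumes_nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }
    // Permission check: a nonce is not authorization, so verify the capability too.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }
    // ... save the resume here ...
    wp_send_json_success();
} );
```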