From 9f73622e84494a8dbac021daa728397255e71901 Mon Sep 17 00:00:00 2001
From: "daan.rijpkema" <daan.rijpkema@coolblue.nl>
Date: Tue, 29 Oct 2024 22:58:51 +0100
Subject: [PATCH] fix(1.3.23): Fix admin import/export page

---
 bluem.php              | 12 +++++++++++-
 views/importexport.php |  6 +++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/bluem.php b/bluem.php
index 648792d..1064209 100644
--- a/bluem.php
+++ b/bluem.php
@@ -2036,12 +2036,20 @@ function bluem_admin_import_execute($data): array
  * Render the admin Import / Export page
  * @return void
  */
-function bluem_admin_importexport(): void
+function bluem_admin_importexport()
 {
     $import_data = null;
     $messages = [];
 
+
+var_dump($_POST);
     if (isset($_POST['action']) && $_POST['action'] === "import") {
+//
+//        if (!isset($_POST['bluem_importexport_nonce']) || !wp_verify_nonce($_POST['bluem_importexport_nonce'])) {
+//            echo "<div class='notice notice-error'><p>" . esc_html__("Kon niet importeren: nonce niet geldig", 'bluem') . "</p></div>";
+//            die();
+//        }
+
         $decoded = true;
 
         if (isset($_POST['import']) && $_POST['import'] !== "") {
@@ -2081,6 +2089,8 @@ function bluem_admin_importexport(): void
         $options_json = wp_json_encode($options);
     }
 
+    $form_nonce = wp_create_nonce( 'bluem_importexport_nonce' );
+
     // @todo: improve this by creating a renderer function and passing the renderdata
     // @todo: then generalise this to other parts of the plugin
     include_once 'views/importexport.php';
diff --git a/views/importexport.php b/views/importexport.php
index e0abe47..5941e8c 100644
--- a/views/importexport.php
+++ b/views/importexport.php
@@ -67,8 +67,12 @@
             <?php esc_html_e('Upload je instellingen hier.', 'bluem'); ?>
 
         <form method="post"
-              action="<?php echo esc_url(admin_url('admin.php?page=bluem_admin_importexport&action=import')); ?>">
+              action="<?php echo esc_url(admin_url('admin.php?page=bluem-importexport')); ?>">
+
             <input type="hidden" name="action" value="import">
+
+            <input type="hidden" name="bluem_importexport_nonce" value="<?php echo $form_nonce;?>">
+
             <label for="import">
                 Input:
             </label>