From ae1217f2c2a6d0a9a125cc96bbeb11a59050a4a7 Mon Sep 17 00:00:00 2001 From: Rasmy Nguyen Date: Fri, 28 Feb 2025 14:21:09 -0500 Subject: [PATCH] fix: re-add params on login --- .../class-reader-activation.php | 11 ++++++++++ .../class-woocommerce-my-account.php | 22 ++++++++++++++++++- 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/includes/reader-activation/class-reader-activation.php b/includes/reader-activation/class-reader-activation.php index 028c7dd7d1..65d02fb1aa 100644 --- a/includes/reader-activation/class-reader-activation.php +++ b/includes/reader-activation/class-reader-activation.php @@ -10,6 +10,7 @@ use Newspack\Recaptcha; use Newspack\Reader_Activation\Sync; use Newspack\Renewal; +use Newspack\WooCommerce_My_Account; defined( 'ABSPATH' ) || exit; @@ -1356,6 +1357,16 @@ public static function render_auth_form( $in_modal = true ) { if ( Renewal::is_subscriptions_page() ) { // If we are on the subscriptions page, set the auth callback URL to the subscriptions page. $auth_callback_url = Renewal::get_subscriptions_url(); + } elseif ( WooCommerce_My_Account::is_myaccount_url() ) { + $params = []; + // If we are using one of our my account params, reattach the param to the my account URL. + foreach ( WooCommerce_My_Account::ALLOWED_PARAMS as $param ) { + $value = $_GET[ $param ] ?? null; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Recommended + if ( $value ) { + $params[ $param ] = $value; + } + } + $auth_callback_url = add_query_arg( $params, \wc_get_page_permalink( 'myaccount' ) ); } elseif ( function_exists( 'wc_get_page_permalink' ) && function_exists( 'is_account_page' ) && \is_account_page() ) { // If we are already on the my account page, set the my account URL so the page reloads on submit. $auth_callback_url = \wc_get_page_permalink( 'myaccount' ); diff --git a/includes/reader-revenue/my-account/class-woocommerce-my-account.php b/includes/reader-revenue/my-account/class-woocommerce-my-account.php index e45c0a19be..a057f6eb45 100644 --- a/includes/reader-revenue/my-account/class-woocommerce-my-account.php +++ b/includes/reader-revenue/my-account/class-woocommerce-my-account.php @@ -25,6 +25,14 @@ class WooCommerce_My_Account { const CANCEL_EMAIL_CHANGE_PARAM = 'cancel-email-change'; const VERIFY_EMAIL_CHANGE_PARAM = 'verify-email-change'; const PENDING_EMAIL_CHANGE_META = 'newspack_pending_email_change'; + const ALLOWED_PARAMS = [ + self::RESET_PASSWORD_URL_PARAM, + self::DELETE_ACCOUNT_URL_PARAM, + self::SEND_MAGIC_LINK_PARAM, + self::AFTER_ACCOUNT_DELETION_PARAM, + self::CANCEL_EMAIL_CHANGE_PARAM, + self::VERIFY_EMAIL_CHANGE_PARAM, + ]; /** * Initialize. @@ -420,7 +428,8 @@ function_exists( 'wc_get_page_permalink' ) && ! $is_resubscribe_request && ! $is_renewal_request && ! $is_cancel_membership_request && - ! $is_checkout_request + ! $is_checkout_request && + ! self::is_myaccount_url() ) { global $wp; $current_url = \home_url( $wp->request ); @@ -920,6 +929,17 @@ public static function handle_cancel_email_change() { \wp_safe_redirect( \wc_get_endpoint_url( 'edit-account', '', \wc_get_page_permalink( 'myaccount' ) ) ); exit; } + + /** + * Check if url is newspack my account url. + * + * @return bool + */ + public static function is_myaccount_url() { + $cancel_secret = filter_input( INPUT_GET, self::CANCEL_EMAIL_CHANGE_PARAM, FILTER_SANITIZE_FULL_SPECIAL_CHARS ); + $verify_secret = filter_input( INPUT_GET, self::VERIFY_EMAIL_CHANGE_PARAM, FILTER_SANITIZE_FULL_SPECIAL_CHARS ); + return ! empty( $cancel_secret ) || ! empty( $verify_secret ); + } } WooCommerce_My_Account::init();