diff --git a/admin/class-convertkit-admin-tinymce.php b/admin/class-convertkit-admin-tinymce.php
index 2be0e35d8..178f83f11 100644
--- a/admin/class-convertkit-admin-tinymce.php
+++ b/admin/class-convertkit-admin-tinymce.php
@@ -21,7 +21,7 @@ class ConvertKit_Admin_TinyMCE {
 public function __construct() {
 // Outputs the TinyMCE and QuickTag Modal.
- add_action( 'wp_ajax_convertkit_admin_tinymce_output_modal', array( $this, 'output_modal' ) );
+ add_action( 'rest_api_init', array( $this, 'register_routes' ) );
 // Add filters to register QuickTag Plugins.
 add_action( 'admin_enqueue_scripts', array( $this, 'register_quicktags' ) ); // WordPress Admin.
@@ -34,29 +34,57 @@ public function __construct() {
 }
+ /**
+ * Register REST API routes.
+ *
+ * @since 3.1.8
+ */
+ public function register_routes() {
+
+ // Register route to return all blocks registered by the Plugin.
+ register_rest_route(
+ 'kit/v1',
+ '/tinymce/output-modal',
+ array(
+ 'methods' => WP_REST_Server::CREATABLE,
+ 'args' => array(
+ 'shortcode' => array(
+ 'required' => true,
+ 'sanitize_callback' => 'sanitize_text_field',
+ ),
+ 'editor_type' => array(
+ 'required' => true,
+ 'sanitize_callback' => 'sanitize_text_field',
+ ),
+ ),
+ 'callback' => function ( $request ) {
+ ob_start();
+ $this->output_modal( $request['shortcode'], $request['editor_type'] );
+ return ob_get_clean();
+ },
+
+ // Only refresh resources for users who can edit posts.
+ 'permission_callback' => function () {
+ return current_user_can( 'edit_posts' );
+ },
+ )
+ );
+
+ }
+
 /**
 * Loads the view for a shortcode's modal in the TinyMCE and Text Editors.
 *
 * @since 1.9.6
+ *
+ * @param string $shortcode_name Shortcode Name.
+ * @param string $editor_type Editor Type (tinymce|quicktags).
 */
- public function output_modal() {
-
- // Check nonce.
- check_ajax_referer( 'convertkit_admin_tinymce', 'nonce' );
+ public function output_modal( $shortcode_name, $editor_type ) { // phpcs:ignore Generic.CodeAnalysis.UnusedFunctionParameter.FoundAfterLastUsed
 // Get shortcodes.
 $shortcodes = convertkit_get_shortcodes();
- // Bail if no shortcode or editor type is specified.
- if ( ! isset( $_REQUEST['shortcode'] ) || ! isset( $_REQUEST['editor_type'] ) ) {
- require_once CONVERTKIT_PLUGIN_PATH . '/views/backend/tinymce/modal-missing.php';
- die();
- }
-
- // Get requested shortcode name.
- $shortcode_name = sanitize_text_field( wp_unslash( $_REQUEST['shortcode'] ) );
- $editor_type = sanitize_text_field( wp_unslash( $_REQUEST['editor_type'] ) );
-
 // If the shortcode is not registered, return a view in the modal to tell the user.
 if ( ! isset( $shortcodes[ $shortcode_name ] ) ) {
 require_once CONVERTKIT_PLUGIN_PATH . '/views/backend/tinymce/modal-missing.php';
@@ -118,7 +146,8 @@ public function register_quicktags() {
 'convertkit-admin-quicktags',
 'convertkit_admin_tinymce',
 array(
- 'nonce' => wp_create_nonce( 'convertkit_admin_tinymce' ),
+ 'ajaxurl' => rest_url( 'kit/v1/tinymce/output-modal' ),
+ 'nonce' => wp_create_nonce( 'wp_rest' ),
 )
 );
@@ -160,7 +189,8 @@ public function register_tinymce_plugins( $plugins ) {
 'convertkit-admin-editor',
 'convertkit_admin_tinymce',
 array(
- 'nonce' => wp_create_nonce( 'convertkit_admin_tinymce' ),
+ 'ajaxurl' => rest_url( 'kit/v1/tinymce/output-modal' ),
+ 'nonce' => wp_create_nonce( 'wp_rest' ),
 )
 );
diff --git a/includes/class-wp-convertkit.php b/includes/class-wp-convertkit.php
index ecafc5792..3dbb8f8b6 100644
--- a/includes/class-wp-convertkit.php
+++ b/includes/class-wp-convertkit.php
@@ -96,7 +96,6 @@ private function initialize_admin() {
 $this->classes['admin_setup_wizard_landing_page'] = new ConvertKit_Admin_Setup_Wizard_Landing_Page();
 $this->classes['admin_setup_wizard_plugin'] = new ConvertKit_Admin_Setup_Wizard_Plugin();
 $this->classes['admin_setup_wizard_restrict_content'] = new ConvertKit_Admin_Setup_Wizard_Restrict_Content();
- $this->classes['admin_tinymce'] = new ConvertKit_Admin_TinyMCE();
 /**
 * Initialize integration classes for the WordPress Administration interface.
@@ -183,6 +182,7 @@ private function initialize_frontend() {
 private function initialize_global() {
 $this->classes['admin_notices'] = new ConvertKit_Admin_Notices();
+ $this->classes['admin_tinymce'] = new ConvertKit_Admin_TinyMCE();
 $this->classes['admin_refresh_resources'] = new ConvertKit_Admin_Refresh_Resources();
 $this->classes['blocks_convertkit_broadcasts'] = new ConvertKit_Block_Broadcasts();
 $this->classes['blocks_convertkit_content'] = new ConvertKit_Block_Content();
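Review bot: `return ob_get_clean();` in the `/tinymce/output-modal` callback (hunk `@@ -34,29 +34,57 @@` of admin/class-convertkit-admin-tinymce.php) may never run. The removed branch ended with `die();` after its `require_once`, and the rest of `output_modal()` lies outside this hunk and is not touched by the commit; if it still calls `die()`, the request ends inside the callback and the buffered markup would be flushed at shutdown instead of passing through the REST response. Replacing those calls with `return;` would let the route return normally. Separately, both args are sanitized but not validated: the docblock limits `$editor_type` to `tinymce|quicktags`, so adding `'type' => 'string', 'enum' => array( 'tinymce', 'quicktags' ), 'validate_callback' => 'rest_validate_request_arg'` would reject other values before they reach the view. The comments `// Register route to return all blocks registered by the Plugin.` and `// Only refresh resources for users who can edit posts.` appear copied from another route and should describe this one.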
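Review bot: The `ajaxurl` key added to the `convertkit_admin_tinymce` object in `register_quicktags()` (hunk `@@ -118,7 +146,8 @@`) is easy to confuse with WordPress's global `ajaxurl`, which the scripts used before this commit and which points at admin-ajax.php rather than a REST route; a key such as `rest_url` would say what it holds. The URL is also handed to JavaScript without escaping, where `'ajaxurl' => esc_url_raw( rest_url( 'kit/v1/tinymce/output-modal' ) ),` is the usual form. The same two lines are added in `register_tinymce_plugins()` in hunk `@@ -160,7 +189,8 @@`, and both function bodies start and end outside their hunks.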
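Review bot: The new `admin_tinymce` line in `initialize_global()` (hunk `@@ -183,6 +182,7 @@` of includes/class-wp-convertkit.php) needs a comment saying why a class named for the admin is now constructed on every request. The constructor shown in admin/class-convertkit-admin-tinymce.php registers `admin_enqueue_scripts` alongside the new `rest_api_init` hook, so the move is presumably needed because `initialize_admin()` does not run on REST requests. Something like `// Loaded globally so that its REST route is registered on REST requests, which are not admin requests.` above the assignment would record that. `initialize_global()` continues past the end of the hunk.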
diff --git a/resources/backend/js/editor.js b/resources/backend/js/editor.js
index 0d9fa9e46..eae530805 100644
--- a/resources/backend/js/editor.js
+++ b/resources/backend/js/editor.js
@@ -55,14 +55,13 @@ function convertKitTinyMCERegisterPlugin(block) {
 });
 // Perform an AJAX call to load the modal's view.
- fetch(ajaxurl, {
+ fetch(convertkit_admin_tinymce.ajaxurl, {
 method: 'POST',
 headers: {
 'Content-Type': 'application/x-www-form-urlencoded',
+ 'X-WP-Nonce': convertkit_admin_tinymce.nonce,
 },
 body: new URLSearchParams({
- action: 'convertkit_admin_tinymce_output_modal',
- nonce: convertkit_admin_tinymce.nonce,
 editor_type: 'tinymce',
 shortcode: block.name,
 }),
diff --git a/resources/backend/js/quicktags.js b/resources/backend/js/quicktags.js
index 921fb45fa..2bf45c5d2 100644
--- a/resources/backend/js/quicktags.js
+++ b/resources/backend/js/quicktags.js
@@ -21,14 +21,13 @@ for (const block in convertkit_quicktags) {
 function convertKitQuickTagRegister(block) {
 QTags.addButton('convertkit-' + block.name, block.title, function () {
 // Perform an AJAX call to load the modal's view.
- fetch(ajaxurl, {
+ fetch(convertkit_admin_tinymce.ajaxurl, {
 method: 'POST',
 headers: {
 'Content-Type': 'application/x-www-form-urlencoded',
+ 'X-WP-Nonce': convertkit_admin_tinymce.nonce,
 },
 body: new URLSearchParams({
- action: 'convertkit_admin_tinymce_output_modal',
- nonce: convertkit_admin_tinymce.nonce,
 editor_type: 'quicktags',
 shortcode: block.name,
 }),
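Review bot: The response handling for the `fetch()` call in `convertKitTinyMCERegisterPlugin()` (resources/backend/js/editor.js) is not updated for REST semantics; it sits below this hunk, so this is inferred from its absence in the diff. A REST route reports an expired `wp_rest` nonce or a missing capability as a 401/403 with a JSON error body, and a string returned normally by the callback is JSON-encoded, so the handler should check the status before putting anything into the modal, e.g. `if (!response.ok) { throw new Error(response.statusText); }`. The same applies to `convertKitQuickTagRegister()` in resources/backend/js/quicktags.js.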