Merge pull request #40 from mailchimp/fix/invalid-list

Show an error message and return early if no list is chosen
mailchimp · Jun 28, 2024 · fb2b4b8 · fb2b4b8
2 parents 225f432 + 06b96e5
commit fb2b4b8
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 4 deletions.
diff --git a/mailchimp.php b/mailchimp.php
@@ -630,6 +630,16 @@ function mailchimp_sf_save_general_form_settings() {
  * Sees if the user changed the list, and updates options accordingly
  **/
 function mailchimp_sf_change_list_if_necessary() {
+	if ( ! isset( $_POST['mc_list_id'] ) ) {
+		return;
+	}
+
+	if ( empty( $_POST['mc_list_id'] ) ) {
+		$msg = '<p class="error_msg">' . esc_html__( 'Please choose a valid list', 'mailchimp' ) . '</p>';
+		mailchimp_sf_global_msg( $msg );
+		return;
+	}
+
 	// Simple permission check before going through all this
 	if ( ! current_user_can( MCSF_CAP_THRESHOLD ) ) { return; }
 
@@ -645,7 +655,7 @@ function mailchimp_sf_change_list_if_necessary() {
 
 	$lists = $lists['lists'];
 
-	if ( is_array( $lists ) && ! empty( $lists ) && isset( $_POST['mc_list_id'] ) ) {
+	if ( is_array( $lists ) && ! empty( $lists ) ) {
 
 		/**
 		 * If our incoming list ID (the one chosen in the select dropdown)

diff --git a/views/setup_page.php b/views/setup_page.php
@@ -124,7 +124,7 @@
 	<p class="mc-p"><?php esc_html_e( 'Please select the Mailchimp list you\'d like to connect to your form.', 'mailchimp' ); ?></p>
 	<p class="mc-list-note"><strong><?php esc_html_e( 'Note:', 'mailchimp' ); ?></strong> <?php esc_html_e( 'Updating your list will not remove list settings in this plugin, but changing lists will.', 'mailchimp' ); ?></p>
 
-	<form method="post" action="options-general.php?page=mailchimp_sf_options">
+	<form method="post" action="<?php echo esc_url( add_query_arg( array( 'page' => 'mailchimp_sf_options' ), admin_url( 'admin.php' ) ) ); ?>">
 		<?php
 		// we *could* support paging, but few users have that many lists (and shouldn't)
 		$lists = $api->get( 'lists', 100, array( 'fields' => 'lists.id,lists.name,lists.email_type_option' ) );
@@ -179,7 +179,7 @@
 	?>
 
 <p class="submit">
-	<form method="post" action="options-general.php?page=mailchimp_sf_options">
+	<form method="post" action="<?php echo esc_url( add_query_arg( array( 'page' => 'mailchimp_sf_options' ), admin_url( 'admin.php' ) ) ); ?>">
 		<input type="hidden" name="mcsf_action" value="reset_list" />
 		<input type="submit" name="reset_list" value="<?php esc_attr_e( 'Reset List Options and Select again', 'mailchimp' ); ?>" class="button" />
 		<?php wp_nonce_field( 'reset_mailchimp_list', '_mcsf_nonce_action' ); ?>
@@ -200,7 +200,7 @@
 ?>
 
 <div>
-<form method="post" action="options-general.php?page=mailchimp_sf_options">
+<form method="post" action="<?php echo esc_url( add_query_arg( array( 'page' => 'mailchimp_sf_options' ), admin_url( 'admin.php' ) ) ); ?>">
 <div class="mc-section">
 <input type="hidden" name="mcsf_action" value="change_form_settings">
 <?php wp_nonce_field( 'update_general_form_settings', '_mcsf_nonce_action' ); ?>