GH-179 : Implement nonce verification for Ajax calls

[SohamPatel46]

Description

• This PR adds WordPress Nonce fields to forms and check_ajax_referer for AJAX callbacks to ensure the security of requests.

Dismissing review as all inline comments are obsolete by now

[AnuragVasanwala]

LGTM ✅

Let's wait for @gagan0123's review.

[gagan0123]

@SohamPatel46

Can you please check why "End-to-End Tests / Playwright Tests (pull_request) " is failing and fix that before the PR is merged?

[SohamPatel46]

@gagan0123 Implemented specific nonce creation for every action.

Still there are 2 ajax callbacks whose action can't be located in the codebase - https://github.com/rtCamp/transcoder/blob/master/admin/rt-transcoder-handler.php#L183-#L184
Should we skip this or is there any way to tackle it ?

[gagan0123]

@gagan0123 Implemented specific nonce creation for every action.

Still there are 2 ajax callbacks whose action can't be located in the codebase - https://github.com/rtCamp/transcoder/blob/master/admin/rt-transcoder-handler.php#L183-#L184 Should we skip this or is there any way to tackle it ?

@SohamPatel46 You can remove that part of code, I've verified that it was used before, but later the functionality was removed without removing the WP AJAX endpoints.
So remove both ensuring:

• The add_action for the two WP AJAX requests are removed as well
• The callback functions are also removed, after verifying they are not used anywhere else in the code

[SohamPatel46]

@gagan0123 Removed unused AJAX actions and callback. Can you re-review it ?

[gagan0123]

Thanks @SohamPatel46 for the PR 👍

@pavanpatil1 can you please test this branch to ensure the functionality is not impacted. Code looks good to me.