try a different approach for the test for validating gdrive nonce, ph…

…p 7.2/3/4 seem to be failing at it

projects/packages/forms/src/contact-form/class-contact-form-plugin.php

@@ -3663,20 +3663,40 @@ public function redirect_edit_feedback_to_jetpack_forms() {
 		exit;
 	}
 
+	/**
+	 * Validates the export to Google Drive request.
+	 *
+	 * @param array $post_data The POST data to validate.
+	 * @return bool True if the request is valid, false otherwise.
+	 */
+	public function validate_export_to_gdrive_request( $post_data ) {
+		if ( ! current_user_can( 'export' ) ) {
+			return false;
+		}
+
+		if ( empty( $post_data[ $this->export_nonce_field_gdrive ] ) ) {
+			return false;
+		}
+
+		$nonce = sanitize_text_field( $post_data[ $this->export_nonce_field_gdrive ] );
+		if ( ! wp_verify_nonce( $nonce, 'feedback_export' ) ) {
+			return false;
+		}
+
+		return true;
+	}
+
 	/**
 	 * Ajax handler for wp_ajax_grunion_export_to_gdrive.
 	 * Exports data to Google Drive, based on POST data.
 	 *
 	 * @see Contact_Form_Plugin::get_feedback_entries_from_post
 	 */
 	public function export_to_gdrive() {
+		// phpcs:ignore WordPress.Security.NonceVerification.Missing -- verification is done on validate_export_to_gdrive_request function
 		$post_data = wp_unslash( $_POST );
 
-		if (
-			! current_user_can( 'export' )
-			|| empty( sanitize_text_field( $post_data[ $this->export_nonce_field_gdrive ] ) )
-			|| ! wp_verify_nonce( sanitize_text_field( $post_data[ $this->export_nonce_field_gdrive ] ), 'feedback_export' )
-		) {
+		if ( ! $this->validate_export_to_gdrive_request( $post_data ) ) {
 			wp_send_json_error(
 				__( 'You aren\'t authorized to do that.', 'jetpack-forms' ),
 				403,

projects/packages/forms/tests/php/contact-form/Util_Test.php

@@ -763,37 +763,60 @@ public function test_export_to_gdrive_moved_from_admin_to_plugin() {
 	}
 
 	/**
-	 * Test export_to_gdrive method security and validation.
+	 * Test export_to_gdrive validation method with various security scenarios.
 	 *
-	 * This test verifies that the export_to_gdrive method properly validates
-	 * permissions and nonces before processing the export request.
+	 * This test verifies that the validate_export_to_gdrive_request method properly
+	 * validates permissions and nonces.
 	 */
 	public function test_export_to_gdrive_security_validation() {
-		// Create a Contact_Form_Plugin instance
-		$plugin = Contact_Form_Plugin::init();
-
-		// Test without proper capabilities
+		$plugin        = Contact_Form_Plugin::init();
 		$original_user = wp_get_current_user();
-		wp_set_current_user( 0 ); // Set to no user
 
-		// Mock $_POST data without proper nonce
-		$_POST = array(
-			'feedback_export_nonce_gdrive' => 'invalid_nonce',
+		// Test 1: User without 'export' capability should fail
+		wp_set_current_user( 0 );
+		$post_data = array(
+			'feedback_export_nonce_gdrive' => wp_create_nonce( 'feedback_export' ),
+		);
+		$this->assertFalse(
+			$plugin->validate_export_to_gdrive_request( $post_data ),
+			'Validation should fail for user without export capability'
 		);
 
-		// Capture output to check for JSON error response
-		ob_start();
-		$plugin->export_to_gdrive();
-		$output = ob_get_clean();
+		// Test 2: Missing nonce field should fail
+		$admin_user = wp_insert_user(
+			array(
+				'user_login' => 'testadmin',
+				'user_pass'  => 'password',
+				'role'       => 'administrator',
+			)
+		);
+		wp_set_current_user( $admin_user );
+		$post_data = array(); // No nonce field
+		$this->assertFalse(
+			$plugin->validate_export_to_gdrive_request( $post_data ),
+			'Validation should fail when nonce field is missing'
+		);
 
-		// Verify that an error response was sent
-		$this->assertStringContainsString( 'You aren\'t authorized to do that.', $output );
+		// Test 3: Invalid nonce should fail
+		$post_data = array(
+			'feedback_export_nonce_gdrive' => 'invalid_nonce',
+		);
+		$this->assertFalse(
+			$plugin->validate_export_to_gdrive_request( $post_data ),
+			'Validation should fail with invalid nonce'
+		);
 
-		// Restore original user
-		wp_set_current_user( $original_user->ID );
+		// Test 4: Valid user with valid nonce should pass
+		$post_data = array(
+			'feedback_export_nonce_gdrive' => wp_create_nonce( 'feedback_export' ),
+		);
+		$this->assertTrue(
+			$plugin->validate_export_to_gdrive_request( $post_data ),
+			'Validation should pass with valid user and nonce'
+		);
 
-		// Clean up $_POST
-		unset( $_POST['feedback_export_nonce_gdrive'] );
+		// Cleanup
+		wp_set_current_user( $original_user->ID );
 	}
 
 	/**