Context Navigation

Changeset 2627104

Timestamp:

11/10/2021 05:53:53 AM (4 years ago)

Author:

likebtn

Message:

Update

Location:

likebtn-like-button/tags/2.6.38

Files:

r2626501	r2627104
645	645	<form action="<?php echo admin_url('admin-ajax.php') ?>?action=likebtn_export_votes&<?php echo $_SERVER['QUERY_STRING'] ?>" method="post" target="_blank">
646	646	<input type="hidden" name="export" value="1" />
	647	<input type="hidden" name="nonce" value="<?php echo wp_create_nonce( 'likebtn_export_votes' ); ?>" />
647	648	<strong><?php _e('Data to export', 'likebtn-like-button'); ?>:</strong><br/>
648	649	<label><input type="checkbox" name="fields[]" value="user" checked="checked" /> <?php _e('User Name', 'likebtn-like-button'); ?></label><br/>

-                      r2626501
+                      r2627104
         <form action="<?php echo admin_url('admin-ajax.php') ?>?action=likebtn_export&<?php echo esc_attr($_SERVER['QUERY_STRING']) ?>" method="post" target="_blank">
             <input type="hidden" name="export" value="1" />
+            <input type="hidden" name="nonce" value="<?php echo wp_create_nonce( 'likebtn_export' ); ?>" />
             <strong><?php _e('Data to export', 'likebtn-like-button'); ?>:</strong><br/>
             <label><input type="checkbox" name="fields[]" value="id" checked="checked" /> <?php _e('ID', 'likebtn-like-button'); ?></label><br/>
 …
 function likebtn_export_callback()
+{
+    if (!(bool)current_user_can('manage_options')) {
+    if (!(bool)current_user_can('manage_options')
+        || !isset($_POST['nonce'])
+        || !wp_verify_nonce($_POST['nonce'], 'likebtn_export')
+    ) {
         return;
+    }
 …
     global $wpdb;
+    if (!(bool)current_user_can('manage_options')) {
+    if (!(bool)current_user_can('manage_options')
+        || !isset($_POST['nonce'])
+        || !wp_verify_nonce($_POST['nonce'], 'likebtn_export_votes')
+    ) {
         return;
+    }

Note: See TracChangeset for help on using the changeset viewer.