Context Navigation

← Previous Changeset
Next Changeset →

Changeset 2919151

Timestamp:

05/30/2023 02:04:18 PM (3 years ago)

Author:

chuck1982

Message:

version 2.1.0.14

Location:

wp-inventory-manager/trunk

Files:

: 2 edited

includes/wpinventory.admin.class.php (modified) (3 diffs)
wpinventory.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

wp-inventory-manager/trunk/includes/wpinventory.admin.class.php

-                      r2666161
+                      r2919151
+            }
         } else if ( 'delete' == $action ) {
             $inventory_id = self::request( 'delete_id' );
             $success      = self::delete_item( $inventory_id );
+        $inventory_id = self::request( 'delete_id' );
+        $success      = self::delete_item( $inventory_id, self::request( 'wp_nonce' ) );
             $action       = '';
+        }
 …
               $loop->the_item();
               $edit_url      = ( self::check_permission( 'view_item', $wpinventory_item->inventory_id ) ) ? self::$self_url . '&action=edit&inventory_id=' . $wpinventory_item->inventory_id : '';
               $delete_url    = ( self::check_permission( 'edit_item', $wpinventory_item->inventory_id ) ) ? self::$self_url . '&action=delete&delete_id=' . $wpinventory_item->inventory_id : '';
+              $delete_url    = ( self::check_permission( 'edit_item', $wpinventory_item->inventory_id ) ) ? self::$self_url . '&action=delete&delete_id=' . $wpinventory_item->inventory_id . '&wp_nonce=' . wp_create_nonce( 'delete-item-' . $wpinventory_item->inventory_id ) : '';
               $duplicate_url = ( self::check_permission( 'view_item', $wpinventory_item->inventory_id ) ) ? self::$self_url . '&action=duplicate&duplicate_id=' . $wpinventory_item->inventory_id : '';
 …
+    }
     public static function delete_item() {
+    public static function delete_item( $inventory_id, $nonce ) {
         $inventory_id = (int) self::request( "delete_id" );
         if ( ! $inventory_id ) {
             self::$error = self::__( 'Inventory id not set.  Item not deleted.' );
+        if ( ! wp_verify_nonce( $nonce, 'delete-item-' . $inventory_id ) ) {
+            self::$error = self::__( 'There was a problem deleting your inventory item. Invalid permissions.' );
             return FALSE;

wp-inventory-manager/trunk/wpinventory.php

-                      r2900836
+                      r2919151
  * Plugin URI:    http://www.wpinventory.com
  * Description:    Manage and display your products just like a shopping cart, but without the cart.
  * Version:        2.1.0.13
+ * Version:        2.1.0.14
  * Author:        WP Inventory Manager
  * Author URI:    http://www.wpinventory.com/
 …
 abstract class WPIMConstants {
     const VERSION = '2.1.0.13';
+    const VERSION = '2.1.0.14';
     const MIN_PHP_VERSION = '5.6';
     const SHORTCODE = 'wpinventory';

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 2919151

Legend:

wp-inventory-manager/trunk/includes/wpinventory.admin.class.php

wp-inventory-manager/trunk/wpinventory.php

Download in other formats: