diff options
| author | Harald Eilertsen <haraldei@anduin.net> | 2021-09-17 17:04:58 +0200 |
|---|---|---|
| committer | Harald Eilertsen <haraldei@anduin.net> | 2021-09-17 17:04:58 +0200 |
| commit | 309a45fb2a22778eeb704ebb1cb1f4223296de72 (patch) | |
| tree | ffa65591822db032ae1a618f1873a9fac033abd9 /includes/admin/views/giglog_admin_page.php | |
| parent | 8a189196899989fd611a710bbbfc6bbbf31b73cc (diff) | |
| download | gigologadmin-309a45fb2a22778eeb704ebb1cb1f4223296de72.tar.gz gigologadmin-309a45fb2a22778eeb704ebb1cb1f4223296de72.tar.bz2 gigologadmin-309a45fb2a22778eeb704ebb1cb1f4223296de72.zip | |
Add CSRF checks to new venue form
Diffstat (limited to 'includes/admin/views/giglog_admin_page.php')
| -rw-r--r-- | includes/admin/views/giglog_admin_page.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/includes/admin/views/giglog_admin_page.php b/includes/admin/views/giglog_admin_page.php index b7f6247..13c08b9 100644 --- a/includes/admin/views/giglog_admin_page.php +++ b/includes/admin/views/giglog_admin_page.php @@ -167,6 +167,13 @@ if ( !class_exists( 'GiglogAdmin_AdminPage' ) ) { if(isset($_POST['newvenue'])) { + if (!isset($_POST['giglog_new_venue_nonce']) + || wp_verify_nonce($_POST['giglog_new_venue_nonce'], plugin_basename( __FILE__ ))) + { + header("{$_SERVER['SERVER_PROTOCOL']} 403 Forbidden"); + wp_die('CSRF validation failed.', 403); + } + if (empty($_POST['venuename']) || empty($_POST['venuecity'])) { echo '<script language="javascript">alert("You are missing a value, venue was not created"); </script>'; } |