author | Harald Eilertsen <haraldei@anduin.net> | 2021-09-17 08:55:49 +0200 |
---|---|---|
committer | Harald Eilertsen <haraldei@anduin.net> | 2021-09-17 08:55:49 +0200 |
commit | 9340fddbac59a2aab12dd0fa0e122b4d7c3bf0c8 (patch) | |
tree | 3a58480fefb2f790023d35a62462140d07144b3e /includes/admin/views/giglog_admin_page.php | |
parent | d3fdcf53bcaf4b143c316f3379190d0053a6036f (diff) | |
Add CSRF checks for edit concert form.
Diffstat (limited to 'includes/admin/views/giglog_admin_page.php')
-rw-r--r-- | includes/admin/views/giglog_admin_page.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/includes/admin/views/giglog_admin_page.php b/includes/admin/views/giglog_admin_page.php
index 86c414e..fa853fb 100644
--- a/includes/admin/views/giglog_admin_page.php
+++ b/includes/admin/views/giglog_admin_page.php
@@ -121,8 +121,15 @@ if ( !class_exists( 'GiglogAdmin_AdminPage' ) ) {
 }
 }
- if(isset($_POST['editconcert']))
+ if (isset($_POST['editconcert'])) {
+ if (!isset($_POST['giglog_edit_concert_nonce'])
+ || wp_verify_nonce($_POST['giglog_edit_concert_nonce'], plugin_basename( __FILE__ )))
+ {
+ header("{$_SERVER['SERVER_PROTOCOL']} 403 Forbidden");
+ wp_die('CSRF validation failed.', 403);
+ }
+
 $roles = array_reduce( ['photo1', 'photo1', 'rev1', 'rev2'], function($roles, $r) { |
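Review bot: The nonce condition is inverted: `wp_verify_nonce()` returns a truthy value (1 or 2) for a valid nonce and `false` for an invalid one, so `!isset(...) || wp_verify_nonce(...)` rejects legitimate submissions and lets a forged or stale nonce through, which defeats the CSRF check this commit adds. The second branch should read `|| !wp_verify_nonce($_POST['giglog_edit_concert_nonce'], plugin_basename( __FILE__ )))`; alternatively the whole block can be replaced by `check_admin_referer(plugin_basename( __FILE__ ), 'giglog_edit_concert_nonce');`, which performs the same check and dies with a 403 itself. The explicit `header(... 403 Forbidden)` line looks redundant given `wp_die(..., 403)` sets the response code, though that depends on the WordPress version in use. The action string passed here must match the one used when the form's nonce field is generated, which is not visible in this hunk. The enclosing method continues outside the hunk, so the closing brace for the new `if (isset($_POST['editconcert'])) {` cannot be checked here.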