Diffstat (limited to 'includes/admin/views/giglog_admin_page.php')
-rw-r--r--includes/admin/views/giglog_admin_page.php9
1 files changed, 8 insertions, 1 deletions
diff --git a/includes/admin/views/giglog_admin_page.php b/includes/admin/views/giglog_admin_page.php
index 86c414e..fa853fb 100644
--- a/includes/admin/views/giglog_admin_page.php
+++ b/includes/admin/views/giglog_admin_page.php
@@ -121,8 +121,15 @@ if ( !class_exists( 'GiglogAdmin_AdminPage' ) ) {
}
}
- if(isset($_POST['editconcert']))
+ if (isset($_POST['editconcert']))
{
+ if (!isset($_POST['giglog_edit_concert_nonce'])
+ || wp_verify_nonce($_POST['giglog_edit_concert_nonce'], plugin_basename( __FILE__ )))
+ {
+ header("{$_SERVER['SERVER_PROTOCOL']} 403 Forbidden");
+ wp_die('CSRF validation failed.', 403);
+ }
+
$roles = array_reduce(
['photo1', 'photo1', 'rev1', 'rev2'],
function($roles, $r) {
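Review bot: The CSRF guard added at the `|| wp_verify_nonce(...)` line is inverted. wp_verify_nonce() returns false for an invalid or expired nonce and 1 or 2 for a valid one, so as written a request with a valid nonce is answered with 403, while a request whose nonce field is present but invalid passes the guard and continues into the edit handling. The second operand needs negating: `|| !wp_verify_nonce($_POST['giglog_edit_concert_nonce'], plugin_basename( __FILE__ )))`. The form that emits this field is not in the hunk, so confirm its wp_nonce_field() call uses the same action string; `plugin_basename( __FILE__ )` only matches if the field is generated from this same file. The `if (isset($_POST['editconcert']))` body continues past the end of the hunk.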