diff --git a/includes/admin/class-admin.php b/includes/admin/class-admin.php
index ef8f2544..1200d2d8 100644
--- a/includes/admin/class-admin.php
+++ b/includes/admin/class-admin.php
@@ -764,16 +764,16 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
'sanitize' => 'bool',
),
'_max_selections' => array(
- 'sanitize' => 'empty_int',
+ 'sanitize' => 'empty_absint',
),
'_min_selections' => array(
- 'sanitize' => 'empty_int',
+ 'sanitize' => 'empty_absint',
),
'_max_entries' => array(
- 'sanitize' => 'absint',
+ 'sanitize' => 'empty_absint',
),
'_max_words' => array(
- 'sanitize' => 'absint',
+ 'sanitize' => 'empty_absint',
),
'_min' => array(
'sanitize' => 'empty_int',
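Review bot: The map now mixes `empty_absint` for the count limits (`_max_selections`, `_min_selections`, `_max_entries`, `_max_words`, and `_min_chars`/`_max_chars` in the next hunk) with `empty_int` for `_min`/`_max`, and nothing records why the two groups differ; a reader cannot tell whether a signed `_min` is deliberate or an oversight. A short comment above `'_max_selections'` would settle it, e.g. `// Count limits (selections, entries, words, chars) are unsigned; _min/_max keep empty_int as signed field bounds.`. The `empty_absint` key is presumably dispatched by a sanitizer switch outside this diff; if that branch does not exist the fields would fall to whatever default that dispatcher applies, so it is worth confirming the handler is in the same commit. The enclosing array starts and ends outside the hunk.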
@@ -782,10 +782,10 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
'sanitize' => 'empty_int',
),
'_min_chars' => array(
- 'sanitize' => 'absint',
+ 'sanitize' => 'empty_absint',
),
'_max_chars' => array(
- 'sanitize' => 'absint',
+ 'sanitize' => 'empty_absint',
),
'_html' => array(
'sanitize' => 'bool',
@@ -1935,23 +1935,26 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
* @return array
*/
function plugin_links( $links ) {
- $more_links[] = '' . __( 'Docs', 'ultimate-member' ) . '';
- $more_links[] = '' . __( 'Settings', 'ultimate-member' ) . '';
+ $more_links[] = '' . esc_html__( 'Docs', 'ultimate-member' ) . '';
+ $more_links[] = '' . esc_html__( 'Settings', 'ultimate-member' ) . '';
$links = $more_links + $links;
return $links;
}
-
/**
* Init admin action/filters + request handlers
*/
- function admin_init() {
+ public function admin_init() {
$this->init_variables();
- if ( is_admin() && current_user_can( 'manage_options' ) && ! empty( $_REQUEST['um_adm_action'] ) ) {
+ if ( ! empty( $_REQUEST['um_adm_action'] ) && is_admin() && current_user_can( 'manage_options' ) ) {
$action = sanitize_key( $_REQUEST['um_adm_action'] );
+ if ( empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( $_REQUEST['_wpnonce'], $action ) ) {
+ wp_die( esc_attr__( 'Security Check', 'ultimate-member' ) );
+ }
+
/**
* UM hook
*