Add nonce in save settings

Champ Camba
2018-04-13 19:13:56 +08:00
parent f05216f5e9
commit 5f3a9ec1e9
@@ -1286,8 +1286,11 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
);
?>
<p class="submit">
<input type="submit" name="submit" id="submit" class="button button-primary" value="<?php _e( 'Save Changes', 'ultimate-member' ) ?>" />
<?php $um_settings_nonce = wp_create_nonce( 'um-settings-nonce' ); ?>
<input type="hidden" name="__umnonce" value="<?php echo $um_settings_nonce; ?>" />
</p>
</form>
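Review bot: The hidden `__umnonce` input echoes `$um_settings_nonce` into an attribute without escaping, and the field is hand-built instead of coming from the WordPress helper. A nonce is a short token generated by WordPress, so this is a hardening and convention point rather than an injection risk, but attribute output should still pass through `esc_attr()`. Both added lines could be replaced by `<?php wp_nonce_field( 'um-settings-nonce', '__umnonce' ); ?>`, which escapes the value and also emits the referer field. The enclosing form starts outside the hunk.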
@@ -1397,7 +1400,18 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
*
*/
function save_settings_handler() {
if ( isset( $_POST['um-settings-action'] ) && 'save' == $_POST['um-settings-action'] && ! empty( $_POST['um_options'] ) ) {
$nonce = $_POST['__umnonce'];
if ( ( ! wp_verify_nonce( $nonce, 'um-settings-nonce' ) || empty( $nonce ) ) || ! current_user_can('manage_options') ) {
// This nonce is not valid.
wp_die( 'Security Check' );
}
/**
* UM hook
*
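Review bot: `$_POST['__umnonce']` is read without an `isset()` check, so a request that omits the field raises an undefined-index notice before it is rejected. The `empty( $nonce )` test is also redundant, since `wp_verify_nonce()` already returns false for an empty value. Reading the field as `$nonce = isset( $_POST['__umnonce'] ) ? sanitize_text_field( wp_unslash( $_POST['__umnonce'] ) ) : '';` fixes the notice, and putting `current_user_can( 'manage_options' )` first in the condition makes the capability check run before the nonce check. The guard sits inside the `'save' == $_POST['um-settings-action']` branch and the rest of `save_settings_handler()` is outside the hunk, so any other state-changing path in that function should be confirmed to carry the same nonce and capability check.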