fix CSRF flaw
parent
ab30fec6ed
commit
0f54ea465e
1 changed files with 5 additions and 2 deletions
|
@ -202,10 +202,13 @@ class Admin {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function save_user_description( $user_id ) {
|
public static function save_user_description( $user_id ) {
|
||||||
if ( isset( $_REQUEST['_apnonce'] ) && ! wp_verify_nonce( $_REQUEST['_apnonce'], 'activitypub-user-description' ) ) {
|
if ( ! isset( $_REQUEST['_apnonce'] ) ) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if ( ! current_user_can( 'edit_user', $user_id ) ) {
|
if (
|
||||||
|
! wp_verify_nonce( $_REQUEST['_apnonce'], 'activitypub-user-description' ) ||
|
||||||
|
! current_user_can( 'edit_user', $user_id )
|
||||||
|
) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
update_user_meta( $user_id, 'activitypub_user_description', sanitize_text_field( $_POST['activitypub-user-description'] ) );
|
update_user_meta( $user_id, 'activitypub_user_description', sanitize_text_field( $_POST['activitypub-user-description'] ) );
|
||||||
|
|
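Review bot: The final `update_user_meta()` line reads `$_POST['activitypub-user-description']` without checking that it is set, while the nonce is accepted from `$_REQUEST`, so a request with a valid `_apnonce` but no description field raises an undefined-index notice or warning and overwrites the stored description with an empty string. Extending the first guard covers it: `if ( ! isset( $_REQUEST['_apnonce'], $_POST['activitypub-user-description'] ) ) {`. Reading the nonce from `$_POST` as well would keep it out of URLs, access logs and Referer headers, assuming the profile form submits it by POST; neither the form nor the hook registration is visible here. The body of `save_user_description()` continues past the end of the hunk.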