Event-Federation/wordpress-activitypub
Event-Federation/wordpress-activitypub
7
1
Fork 0
Code Issues 3 Pull requests Projects Releases Wiki Activity Actions

fix CSRF flaw

Browse source
This commit is contained in:
Matthias Pfefferle 2023-07-17 14:37:17 +02:00
parent ab30fec6ed
commit 0f54ea465e
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
includes/class-admin.php
View file

@ -202,10 +202,13 @@ class Admin {
} }
public static function save_user_description( $user_id ) { public static function save_user_description( $user_id ) {
if ( isset( $_REQUEST['_apnonce'] ) && ! wp_verify_nonce( $_REQUEST['_apnonce'], 'activitypub-user-description' ) ) { if ( ! isset( $_REQUEST['_apnonce'] ) ) {
return false; return false;
} }
if ( ! current_user_can( 'edit_user', $user_id ) ) { if (
! wp_verify_nonce( $_REQUEST['_apnonce'], 'activitypub-user-description' ) ||
! current_user_can( 'edit_user', $user_id )
) {
return false; return false;
} }
update_user_meta( $user_id, 'activitypub_user_description', sanitize_text_field( $_POST['activitypub-user-description'] ) ); update_user_meta( $user_id, 'activitypub_user_description', sanitize_text_field( $_POST['activitypub-user-description'] ) );