From 90deea3f7bfcd07871d119696376476143e89c01 Mon Sep 17 00:00:00 2001
From: Matthias Pfefferle
Date: Thu, 9 Nov 2023 16:26:16 +0100
Subject: [PATCH] verify nonce for search!

---
 includes/table/class-followers.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/includes/table/class-followers.php b/includes/table/class-followers.php
index bdcd4e1..3045ddd 100644
--- a/includes/table/class-followers.php
+++ b/includes/table/class-followers.php
@@ -75,9 +75,12 @@ class Followers extends WP_List_Table {
 }
 // phpcs:ignore WordPress.Security.NonceVerification.Recommended
- if ( isset( $_GET['s'] ) ) {
- // phpcs:ignore WordPress.Security.NonceVerification.Recommended
- $args['s'] = sanitize_text_field( wp_unslash( $_GET['s'] ) );
+ if ( isset( $_GET['s'] ) && isset( $_REQUEST['_wpnonce'] ) ) {
+ $nonce = sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) );
+ if ( wp_verify_nonce( $nonce, 'bulk-' . $this->_args['plural'] ) ) {
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+ $args['s'] = sanitize_text_field( wp_unslash( $_GET['s'] ) );
+ }
 }
 $followers_with_count = FollowerCollection::get_followers_with_count( $this->user_id, $per_page, $page_num, $args );