Event-Federation/wordpress-activitypub
Event-Federation/wordpress-activitypub
7
1
Fork 0
Code Issues 3 Pull requests Projects Releases Wiki Activity Actions

verify nonce for search!

Browse source
This commit is contained in:
Matthias Pfefferle 2023-11-09 16:26:16 +01:00
parent 32d8e7c3f0
commit 90deea3f7b
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
includes/table/class-followers.php
View file

@ -75,10 +75,13 @@ class Followers extends WP_List_Table {
} }
// phpcs:ignore WordPress.Security.NonceVerification.Recommended // phpcs:ignore WordPress.Security.NonceVerification.Recommended
if ( isset( $_GET['s'] ) ) { if ( isset( $_GET['s'] ) && isset( $_REQUEST['_wpnonce'] ) ) {
$nonce = sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) );
if ( wp_verify_nonce( $nonce, 'bulk-' . $this->_args['plural'] ) ) {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended // phpcs:ignore WordPress.Security.NonceVerification.Recommended
$args['s'] = sanitize_text_field( wp_unslash( $_GET['s'] ) ); $args['s'] = sanitize_text_field( wp_unslash( $_GET['s'] ) );
} }
}
$followers_with_count = FollowerCollection::get_followers_with_count( $this->user_id, $per_page, $page_num, $args ); $followers_with_count = FollowerCollection::get_followers_with_count( $this->user_id, $per_page, $page_num, $args );
$followers = $followers_with_count['followers']; $followers = $followers_with_count['followers'];