verify requests

This commit is contained in:
Matthias Pfefferle 2023-04-21 16:40:46 +02:00
parent ebc9b6ac8d
commit ef536cc977
2 changed files with 14 additions and 1 deletions

View file

@ -82,7 +82,19 @@ class Followers extends WP_List_Table {
} }
public function process_action() { public function process_action() {
$followers = isset( $_REQUEST['followers'] ) ? $_REQUEST['followers'] : array(); // phpcs:ignore if ( ! isset( $_REQUEST['followers'] ) || ! isset( $_REQUEST['_apnonce'] ) ) {
return false;
}
if ( ! wp_verify_nonce( $_REQUEST['_apnonce'], 'activitypub-followers-list' ) ) {
return false;
}
if ( ! current_user_can( 'edit_user', \get_current_user_id() ) ) {
return false;
}
$followers = $_REQUEST['followers']; // phpcs:ignore
switch ( $this->current_action() ) { switch ( $this->current_action() ) {
case 'delete': case 'delete':

View file

@ -12,5 +12,6 @@
$token_table->prepare_items(); $token_table->prepare_items();
$token_table->display(); $token_table->display();
?> ?>
<?php wp_nonce_field( 'activitypub-followers-list', '_apnonce' ); ?>
</form> </form>
</div> </div>