verify requests
This commit is contained in:
Matthias Pfefferle
parent
ebc9b6ac8d
commit
ef536cc977
2 changed files with 14 additions and 1 deletions
|
|
@ -82,7 +82,19 @@ class Followers extends WP_List_Table {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function process_action() {
|
public function process_action() {
|
||||||
$followers = isset( $_REQUEST['followers'] ) ? $_REQUEST['followers'] : array(); // phpcs:ignore
|
if ( ! isset( $_REQUEST['followers'] ) || ! isset( $_REQUEST['_apnonce'] ) ) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( ! wp_verify_nonce( $_REQUEST['_apnonce'], 'activitypub-followers-list' ) ) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( ! current_user_can( 'edit_user', \get_current_user_id() ) ) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
$followers = $_REQUEST['followers']; // phpcs:ignore
|
||||||
|
|
||||||
switch ( $this->current_action() ) {
|
switch ( $this->current_action() ) {
|
||||||
case 'delete':
|
case 'delete':
|
||||||
|
|
|
||||||
|
|
@ -12,5 +12,6 @@
|
||||||
$token_table->prepare_items();
|
$token_table->prepare_items();
|
||||||
$token_table->display();
|
$token_table->display();
|
||||||
?>
|
?>
|
||||||
|
<?php wp_nonce_field( 'activitypub-followers-list', '_apnonce' ); ?>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue