Verify nonce before saving ef post subs
hanifn committed Jun 14, 2024
1 parent 0d6ddf2 commit 8c0adc7
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions modules/notifications/notifications.php
@@ -516,6 +516,11 @@ public function handle_user_post_subscription() {
*/
public function save_post_subscriptions( $new_status, $old_status, $post ) {
global $edit_flow;

if ( ! empty( $_GET['_wpnonce'] ) && ! wp_verify_nonce( $_GET['_wpnonce'], 'editpost' ) ) {
$this->print_ajax_response( 'error', $this->module->messages['nonce-failed'] );
}

// only if has edit_post_subscriptions cap
if ( ( ! wp_is_post_revision( $post ) && ! wp_is_post_autosave( $post ) ) && isset( $_POST['ef-save_followers'] ) && current_user_can( $this->edit_post_subscriptions_cap ) ) {
$users = isset( $_POST['ef-selected-users'] ) ? $_POST['ef-selected-users'] : array();
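Review bot: The added nonce check fails open: because of the leading `! empty( $_GET['_wpnonce'] ) &&`, a request that omits `_wpnonce` skips verification and still reaches the `isset( $_POST['ef-save_followers'] )` branch, so the forged-request case this commit targets is not covered. The follower data is read from `$_POST` while the nonce is read from `$_GET`, so on an ordinary form submission the check may never run at all. I would require the nonce where the form data is consumed, for example `if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'editpost' ) ) { return; }` inside the `ef-save_followers` path, so status transitions that carry no form data are unaffected. Please also confirm that `'editpost'` matches the action the nonce field is created with and that `print_ajax_response()` halts execution, since neither is visible here. The body of `save_post_subscriptions()` continues past the end of the hunk.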
