From 497b8309556fe28e0f6330ee5df1b53915206936 Mon Sep 17 00:00:00 2001
From: Dreb Bits
Date: Wed, 15 Aug 2018 16:45:36 +0800
Subject: [PATCH] Add nonce
---
 purechat.php | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/purechat.php b/purechat.php
index 5556870..f4e1c1b 100644
--- a/purechat.php
+++ b/purechat.php
@@ -44,8 +44,12 @@ function pure_chat_menu() {
 }
 
 function pure_chat_update() {
- if($_POST['action'] == 'pure_chat_update' && strlen((string)$_POST['purechatwid']) == 36)
- {
+
+ if ( empty( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'purechatnonce' ) ){
+ return;
+ }
+
+ if ( $_POST['action'] === 'pure_chat_update' && strlen( (string) $_POST['purechatwid'] ) === 36) {
 update_option( 'purechat_widget_code', sanitize_text_field( $_POST['purechatwid'] ) );
 update_option( 'purechat_widget_name', sanitize_text_field( $_POST['purechatwname'] ) );
 }
@@ -75,11 +79,10 @@ function pure_chat_generateAcctPage() {
-
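Review bot: The guard added at the top of pure_chat_update() verifies a nonce but no capability, so it stops forged cross-site requests without establishing that the caller is allowed to change these options. How the function is hooked is not visible in the hunk; if it is reachable by any logged-in user, an account that can load a page carrying the nonce could still rewrite both settings. I would add `if ( ! current_user_can( 'manage_options' ) ) { return; }` beside the nonce check, using whichever capability the settings menu actually requires. The `strlen( ... ) === 36` test accepts any 36-character string, so if the widget ID is a UUID (which the length suggests but the hunk does not state) a pattern check such as `preg_match( '/^[0-9a-fA-F-]{36}$/', $_POST['purechatwid'] )` would be tighter. The function's closing brace lies outside the hunk.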

Pure Chat logo
@@ -97,7 +100,6 @@ function pure_chat_generateAcctPage() {
-