tec3/five-for-the-future
tec3/five-for-the-future
1
0
Fork 0
mirror of https://github.com/WordPress/five-for-the-future.git synced 2025-04-22 11:03:43 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

My Pledges: Verify current user is authorized to edit contribution.

Browse source 
Closes #90
This commit is contained in:
Caleb Burks 2019-11-06 20:18:35 -06:00 committed by Ian Dunn
parent 8e3ba2db96
commit 1023fdeb55
No known key found for this signature in database
GPG key ID: 99B971B50343CBCB
1 changed files with 7 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
plugins/wporg-5ftf/includes/contributor.php
View file

@ -313,17 +313,20 @@ function process_my_pledges_form() {
} }
$contributor_post = get_post( $contributor_post_id ); $contributor_post = get_post( $contributor_post_id );
if ( isset( $contributor_post->post_type ) && $contributor_post->post_type === CPT_ID ) { if ( ! isset( $contributor_post->post_type ) || $contributor_post->post_type !== CPT_ID ) {
$pledge = get_post( $contributor_post->post_parent );
} else {
return ''; // Return early, the form was submitted incorrectly. return ''; // Return early, the form was submitted incorrectly.
} }
$current_user = wp_get_current_user();
if ( ! isset( $current_user->user_login ) || $contributor_post->post_title !== $current_user->user_login ) {
return ''; // User doesn't have permission to update this.
}
$pledge = get_post( $contributor_post->post_parent );
$message = ''; $message = '';
$status = false; $status = false;
if ( filter_input( INPUT_POST, 'join_organization' ) ) { if ( filter_input( INPUT_POST, 'join_organization' ) ) {
$nonce_action = 'join_decline_organization_' . $contributor_post_id; $nonce_action = 'join_decline_organization_' . $contributor_post_id;
wp_verify_nonce( $unverified_nonce, $nonce_action ) || wp_nonce_ays( $nonce_action ); wp_verify_nonce( $unverified_nonce, $nonce_action ) || wp_nonce_ays( $nonce_action );
$status = 'publish'; $status = 'publish';