From 3192c724aecae2f0b4c19f018860ce2baa4dadc9 Mon Sep 17 00:00:00 2001
From: Kelly Dwan
Date: Thu, 5 Dec 2019 11:25:34 -0500
Subject: [PATCH] Verify nonce before processing action

---
 plugins/wporg-5ftf/includes/pledge.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/plugins/wporg-5ftf/includes/pledge.php b/plugins/wporg-5ftf/includes/pledge.php
index 63405a7..e76c876 100755
--- a/plugins/wporg-5ftf/includes/pledge.php
+++ b/plugins/wporg-5ftf/includes/pledge.php
@@ -186,6 +186,12 @@ function handle_activation_action( $post_id ) {
 return;
 }
 
+ if ( 'deactivate' === $action ) {
+ check_admin_referer( 'deactivate-post_' . $post_id );
+ } else {
+ check_admin_referer( 'reactivate-post_' . $post_id );
+ }
+
 $post = get_post( $post_id );
 if ( ! is_a( $post, 'WP_Post' ) || CPT_ID !== $post->post_type ) {
 return;
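Review bot: The added `check_admin_referer()` calls cover CSRF only, and nothing visible in this hunk checks that the current user is allowed to change the pledge identified by `$post_id`; a nonce is not an authorization check. The body of `handle_activation_action()` continues outside the hunk, so if no capability check follows the post-type test, add one such as `if ( ! current_user_can( 'edit_post', $post_id ) ) { wp_die(); }` before the status change. The nonce check also runs before the `CPT_ID` post-type test, so if this handler can be reached for other post types (the hook is not shown), a request for a non-pledge post would die on a nonce failure instead of returning quietly; moving the block below that test would avoid this. The `else` branch appears to rely on the guard above having limited `$action` to two values, so a short comment saying so, or `check_admin_referer( $action . '-post_' . $post_id );`, would make that dependency explicit.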