tec3/five-for-the-future
tec3/five-for-the-future
1
0
Fork 0
mirror of https://github.com/WordPress/five-for-the-future.git synced 2025-04-22 19:13:44 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Ensure the submitted contributor_post_id is valid

Browse source
This commit is contained in:
Caleb Burks 2019-11-06 00:45:38 -06:00
parent b105ec0099
commit 6f67ee1b38
1 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
plugins/wporg-5ftf/includes/contributor.php
View file

@ -309,13 +309,18 @@ function process_my_pledges_form() {
$contributor_post_id = filter_input( INPUT_POST, 'contributor_post_id', FILTER_VALIDATE_INT ); $contributor_post_id = filter_input( INPUT_POST, 'contributor_post_id', FILTER_VALIDATE_INT );
$nonce = filter_input( INPUT_POST, '_wpnonce', FILTER_SANITIZE_STRING ); $nonce = filter_input( INPUT_POST, '_wpnonce', FILTER_SANITIZE_STRING );
if ( empty( $contributor_post_id ) || empty( $nonce ) ) { if ( empty( $contributor_post_id ) || empty( $nonce ) ) {
return ''; return ''; // Return early, the form wasn't submitted.
}
$contributor_post = get_post( $contributor_post_id );
if ( isset( $contributor_post->post_type ) && $contributor_post->post_type === CPT_ID ) {
$pledge = get_post( $contributor_post->post_parent );
} else {
return ''; // Return early, the form was submitted incorrectly.
} }
$message = ''; $message = '';
$status = false; $status = false;
$pledge = get_post( get_post( $contributor_post_id )->post_parent );
if ( filter_input( INPUT_POST, 'join_organization' ) ) { if ( filter_input( INPUT_POST, 'join_organization' ) ) {
wp_verify_nonce( $nonce, 'join_decline_organization' ) || wp_nonce_ays( 'join_decline_organization' ); wp_verify_nonce( $nonce, 'join_decline_organization' ) || wp_nonce_ays( 'join_decline_organization' );