From 8230963ea4605e179d7fd927fd0aaa80b138f37d Mon Sep 17 00:00:00 2001 From: Caleb Burks <19caleb95@gmail.com> Date: Wed, 6 Nov 2019 00:45:38 -0600 Subject: [PATCH] My Pledges: Ensure the submitted `contributor_post_id` is valid. See #87 --- plugins/wporg-5ftf/includes/contributor.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/plugins/wporg-5ftf/includes/contributor.php b/plugins/wporg-5ftf/includes/contributor.php index a5b1c62..b8953d1 100644 --- a/plugins/wporg-5ftf/includes/contributor.php +++ b/plugins/wporg-5ftf/includes/contributor.php @@ -309,13 +309,18 @@ function process_my_pledges_form() { $contributor_post_id = filter_input( INPUT_POST, 'contributor_post_id', FILTER_VALIDATE_INT ); $nonce = filter_input( INPUT_POST, '_wpnonce', FILTER_SANITIZE_STRING ); if ( empty( $contributor_post_id ) || empty( $nonce ) ) { - return ''; + return ''; // Return early, the form wasn't submitted. + } + + $contributor_post = get_post( $contributor_post_id ); + if ( isset( $contributor_post->post_type ) && $contributor_post->post_type === CPT_ID ) { + $pledge = get_post( $contributor_post->post_parent ); + } else { + return ''; // Return early, the form was submitted incorrectly. } $message = ''; $status = false; - $pledge = get_post( get_post( $contributor_post_id )->post_parent ); - if ( filter_input( INPUT_POST, 'join_organization' ) ) { wp_verify_nonce( $nonce, 'join_decline_organization' ) || wp_nonce_ays( 'join_decline_organization' );
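Review bot: The new `$pledge = get_post( $contributor_post->post_parent );` line still trusts the parent blindly: WordPress's `get_post()` falls back to the global `$post` when handed an empty ID, so a contributor record whose `post_parent` is 0 (or whose parent was deleted) yields whatever post happens to be global, or null, and `$pledge` is then used without a check. The added type check should also require a non-empty `post_parent`, and the parent lookup should be validated before use. Separately, `contributor_post_id` is attacker-controlled and the hunk only confirms it names a contributor post, not that the current user is the contributor it belongs to; if that ownership check does not exist further down, any authenticated user could join or decline on behalf of someone else — I cannot confirm either way because `process_my_pledges_form()` continues past the hunk. Also worth noting that the nonce is only verified after these lookups, which is harmless here but means unauthenticated callers can still trigger `get_post()` queries.

```php
// … unchanged: filter_input() reads and the empty() early return …
$contributor_post = get_post( $contributor_post_id );
// get_post() with an empty ID falls back to the global $post, so an orphaned
// contributor (post_parent 0) must be rejected before the parent is fetched.
if ( ! $contributor_post instanceof \WP_Post || CPT_ID !== $contributor_post->post_type || empty( $contributor_post->post_parent ) ) {
	return ''; // Return early, the form was submitted incorrectly.
}

$pledge = get_post( $contributor_post->post_parent );
if ( ! $pledge instanceof \WP_Post ) {
	return ''; // Parent pledge is missing; nothing to act on.
}
// … unchanged: $message/$status init, nonce verification …
```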