tec3/five-for-the-future
tec3/five-for-the-future
1
0
Fork 0
mirror of https://github.com/WordPress/five-for-the-future.git synced 2025-04-18 17:33:43 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

My Pledges: Append ID to nonce action to make it more unique.

Browse source 
Fixes #87
This commit is contained in:
Caleb Burks 2019-11-06 01:09:01 -06:00 committed by Ian Dunn
parent 8230963ea4
commit 8e3ba2db96
No known key found for this signature in database
GPG key ID: 99B971B50343CBCB
2 changed files with 11 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
plugins/wporg-5ftf/includes/contributor.php
View file

@ -307,8 +307,8 @@ function render_my_pledges() {
*/
function process_my_pledges_form() {
$contributor_post_id = filter_input( INPUT_POST, 'contributor_post_id', FILTER_VALIDATE_INT );
$nonce = filter_input( INPUT_POST, '_wpnonce', FILTER_SANITIZE_STRING );
if ( empty( $contributor_post_id ) || empty( $nonce ) ) {
$unverified_nonce = filter_input( INPUT_POST, '_wpnonce', FILTER_SANITIZE_STRING );
if ( empty( $contributor_post_id ) || empty( $unverified_nonce ) ) {
return ''; // Return early, the form wasn't submitted.
}
@ -322,19 +322,23 @@ function process_my_pledges_form() {
$message = '';
$status = false;
if ( filter_input( INPUT_POST, 'join_organization' ) ) {
wp_verify_nonce( $nonce, 'join_decline_organization' ) || wp_nonce_ays( 'join_decline_organization' );
$nonce_action = 'join_decline_organization_' . $contributor_post_id;
wp_verify_nonce( $unverified_nonce, $nonce_action ) || wp_nonce_ays( $nonce_action );
$status = 'publish';
$message = "You have joined the pledge from {$pledge->post_title}.";
} elseif ( filter_input( INPUT_POST, 'decline_invitation' ) ) {
wp_verify_nonce( $nonce, 'join_decline_organization' ) || wp_nonce_ays( 'join_decline_organization' );
$nonce_action = 'join_decline_organization_' . $contributor_post_id;
wp_verify_nonce( $unverified_nonce, $nonce_action ) || wp_nonce_ays( $nonce_action );
$status = 'trash';
$message = "You have declined the pledge invitation from {$pledge->post_title}.";
} elseif ( filter_input( INPUT_POST, 'leave_organization' ) ) {
wp_verify_nonce( $nonce, 'leave_organization' ) || wp_nonce_ays( 'leave_organization' );
$nonce_action = 'leave_organization_' . $contributor_post_id;
wp_verify_nonce( $unverified_nonce, $nonce_action ) || wp_nonce_ays( $nonce_action );
$status = 'trash';
$message = "You have left the {$pledge->post_title} pledge.";

4
plugins/wporg-5ftf/views/single-my-pledge.php
View file

@ -44,7 +44,7 @@ namespace WordPressDotOrg\FiveForTheFuture\View;
<input type="hidden" name="contributor_post_id" value="<?php echo esc_attr( $contributor_post->ID ); ?>" />
<?php if ( 'pending' === $contributor_post->post_status ) : ?>
<?php wp_nonce_field( 'join_decline_organization' ); ?>
<?php wp_nonce_field( 'join_decline_organization_' . $contributor_post->ID ); ?>
<input
type="submit"
@ -61,7 +61,7 @@ namespace WordPressDotOrg\FiveForTheFuture\View;
/>
<?php elseif ( 'publish' === $contributor_post->post_status ) : ?>
<?php wp_nonce_field( 'leave_organization' ); ?>
<?php wp_nonce_field( 'leave_organization_' . $contributor_post->ID ); ?>
<input
type="submit"