Changeset 3046911

Timestamp:

03/07/2024 11:03:50 AM (2 years ago)

Author:

pressmate

Message:

Fixed CSRF issue with a page

Location:

makestories-helper/trunk

Files:

• makestories.php (modified) (1 diff)
• pages/category-structure.php (modified) (2 diffs)

makestories-helper/trunk/makestories.php

@@ -4 +4 @@
 Plugin URI:     https://makestories.io/official-wordpress-webstories-plugin/
 Description:    The leading Google Web Stories Editor is now available to create Stories in WordPress. It is easy to use, allows for extensive customization, and is adaptive for future changes.
-Version:        3.0.2
+Version:        3.0.3
 Author:         MakeStories Team
 Author URI:     https://makestories.io

makestories-helper/trunk/pages/category-structure.php

@@ -3 +3 @@
 
     if(isset($_POST['post_slug'])){
-        ms_set_options();
+        if(check_ajax_referer(MS_NONCE_REFERRER, false, false)){
+            ms_set_options();
+        }else{ //Token not verified so will not save the details to DB ?>
+            <div class="notice notice-error is-dismissible" style="margin-top: 20px;margin-left: 0;">
+                <p>Page has expired! Please try refreshing the page</p>
+            </div>
+        <?php }
     }
     
@@ -27 +33 @@
         <h2>MakeStories Settings</h2>
         <form method="POST" action="" class="category-allow-form">
-
+            <input type="hidden" name="_wpnonce" value="<?php echo wp_create_nonce( MS_NONCE_REFERRER ) ?>">
         <table class="form-table" role="presentation">