Commit ea915c53 authored by John James Jacoby's avatar John James Jacoby

Add methods for nonce handling per user-taxonomy.

Also bump to 2.1.0.
parent ab0e5ca3
......@@ -3,7 +3,7 @@ Contributors: johnjamesjacoby, stuttter
Tags: taxonomy, term, user, group, type
Requires at least: 4.7
Tested up to: 4.9
Stable tag: 2.0.0
Stable tag: 2.1.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=9Q4F4EL5YJ62J
......@@ -77,6 +77,9 @@ http://github.com/stuttter/wp-user-groups/
== Changelog ==
= [2.1.0] - 2018/04/16 =
* Add a dedicated nonce for each user taxonomy (thanks Tom Dxw!)
= [2.0.0] - 2017/10/24 =
* Fix bug with user filtering
* Fix bug with setting user terms
......
......@@ -8,7 +8,7 @@
* License: GPLv2 or later
* License URI: https://www.gnu.org/licenses/gpl-2.0.html
* Description: Group users together with taxonomies & terms.
* Version: 2.0.0
* Version: 2.1.0
* Text Domain: wp-user-groups
* Domain Path: /wp-user-groups/assets/languages/
*/
......@@ -56,5 +56,5 @@ function wp_user_groups_get_plugin_url() {
* @return int
*/
function wp_user_groups_get_asset_version() {
return 201710240001;
return 201804160001;
}
......@@ -308,6 +308,11 @@ class WP_User_Taxonomy {
*/
public function save_terms_for_user( $user_id = 0 ) {
// Bail if nonce problem
if ( ! $this->verify_nonce() ) {
return;
}
// Additional checks if User Profiles is active
if ( function_exists( 'wp_user_profiles_get_section_hooknames' ) ) {
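Review bot: The new `verify_nonce()` guard at the top of `save_terms_for_user()` establishes intent, not authorization — a valid nonce only shows the request came from a form rendered for the current session, so the handler still needs `current_user_can( 'edit_user', $user_id )` (or an equivalent capability check) before it writes terms for `$user_id`. The visible lines show only the nonce check and the start of the User-Profiles branch; the body of `save_terms_for_user()` continues outside the hunk, so if the capability check lives there this is fine, but a comment on the guard such as `// Nonce proves intent only; capability is checked below` would stop a later reader from treating it as the authorization step. Note also that the nonce action is the bare taxonomy name (see `nonce_field()`), so the token is not tied to the `$user_id` being edited.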
......@@ -531,6 +536,9 @@ class WP_User_Taxonomy {
</table>
<?php
// Nonce for table fields
$this->nonce_field();
}
/**
......@@ -762,6 +770,11 @@ class WP_User_Taxonomy {
*/
public function handle_bulk_actions( $redirect_to = '', $action = '', $user_ids = array() ) {
// Bail if nonce fails
if ( ! $this->verify_nonce() ) {
return $redirect_to;
}
// Get terms
$terms = get_terms( $this->taxonomy, array(
'hide_empty' => false
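Review bot: The nonce guard runs before the code decides whether `$action` belongs to this taxonomy, so every bulk action on the users screen passes through this taxonomy's nonce check and takes the early `return $redirect_to;` when the field is absent. Because the returned value is the unchanged `$redirect_to`, this behaves as a pass-through rather than a failure, and on core's users screen `check_admin_referer( 'bulk-users' )` normally runs before this filter fires, so the dedicated nonce is defense in depth. If the action-ownership test comes later (the body of `handle_bulk_actions()` continues outside the hunk), consider moving the nonce guard after it so the plugin-specific nonce is only demanded for this taxonomy's own actions. A one-line comment such as `// Unrelated actions fall through with $redirect_to untouched` would make the intent of the early return explicit.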
......@@ -1078,5 +1091,52 @@ class WP_User_Taxonomy {
// Return columns
return $defaults;
}
/** Nonce *****************************************************************/
/**
* Return the concatenated nonce key
*
* @since 2.1.0
*
* @return string
*/
private function get_nonce_key() {
return "wp_user_taxonomy_{$this->taxonomy}";
}
/**
* Output the nonce field for this user taxonomy table
*
* @since 2.1.0
*/
private function nonce_field() {
wp_nonce_field( $this->taxonomy, $this->get_nonce_key() );
}
/**
* Try to verify the nonce for this use taxonomy
*
* @since 2.1.0
*
* @return boolean
*/
private function verify_nonce() {
// Nonce exists?
$retval = false;
$key = $this->get_nonce_key();
$nonce = isset( $_REQUEST[ $key ] )
? $_REQUEST[ $key ]
: $retval;
// Return true if nonce was verified
if ( ! empty( $nonce ) && wp_verify_nonce( $nonce, $this->taxonomy ) ) {
$retval = true;
}
// Default return value
return $retval;
}
}
endif;
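Review bot: `verify_nonce()` reads `$_REQUEST[ $key ]` raw and hands it straight to `wp_verify_nonce()`; WordPress convention is to unslash and sanitize superglobal input first, and `$_REQUEST` also merges `$_COOKIE` depending on PHP's `request_order`, so a cookie named `wp_user_taxonomy_<taxonomy>` can satisfy the lookup (it would still have to be a valid nonce, so this is hygiene rather than a bypass). The ternary's fallback to `$retval` — a boolean standing in for a string — is a readability snag as well. I would collapse the body to `$nonce = isset( $_REQUEST[ $key ] ) ? sanitize_text_field( wp_unslash( $_REQUEST[ $key ] ) ) : '';` followed by `return ( '' !== $nonce ) && ( false !== wp_verify_nonce( $nonce, $this->taxonomy ) );`. Separately, the nonce action passed to `wp_nonce_field()` and `wp_verify_nonce()` is only the taxonomy name, so a token issued on one user's profile page is accepted by `save_terms_for_user()` for any `$user_id`; binding it to the object the way core does with `update-user_{$user_id}` would narrow replay across users, with authorization still resting on the capability checks. The docblock line `Try to verify the nonce for this use taxonomy` should read `this user taxonomy`.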