Changeset 2705068

Timestamp:

04/05/2022 12:27:06 PM (3 years ago)

Author:

isaumya

Message:

Adding nonce support for deletion of banned users

Location:

ad-invalid-click-protector/trunk/inc

Files:

• admin_setup.php (modified) (1 diff)
• banned_user_table.php (modified) (1 diff)

ad-invalid-click-protector/trunk/inc/admin_setup.php

@@ -523 +523 @@
             $bannedUserTableOBJ = new AICP_BANNED_USER_TABLE();
             $aicpOBJ = new AICP();
-            if( 'delete'=== $bannedUserTableOBJ->current_action() ) {
-                global $wpdb;
-                $fetchedID = $_REQUEST['id'];
-                if( is_array( $fetchedID ) ) { // for bulk operation arry will return
-                    $selectedID = implode( ',', array_fill( 0, count( $fetchedID ), '%d' ) );
-                } else { //for singel delete just the id will return
-                            $selectedID = '%d';
-                }
-                if( empty( $selectedID ) ) {
-                    $this->delete_notice( false );
-                } else {
-                    $query = $wpdb->prepare(
-                                "DELETE FROM {$aicpOBJ->table_name} WHERE {$aicpOBJ->table_name}.id IN ($selectedID)",
-                                $fetchedID
-                            );
-                    $wpdb->query( $query );
-                    $this->delete_notice( true );
-                }
-            }
-            /* End of handelling the deletion process */
-            /* Now it's time to show our data */
+            if( ( 'delete'=== $bannedUserTableOBJ->current_action() ) && isset( $_REQUEST['nonce'] ) && wp_verify_nonce( $_REQUEST['nonce'], 'delete_banned_user' ) ) {
+                global $wpdb;
+                $fetchedID = $_REQUEST['id'];
+                if( is_array( $fetchedID ) ) { // for bulk operation arry will return
+                    $selectedID = implode( ',', array_fill( 0, count( $fetchedID ), '%d' ) );
+                } else { //for singel delete just the id will return
+                    $selectedID = '%d';
+                }
+                if( empty( $selectedID ) ) {
+                    $this->delete_notice( false );
+                } else {
+                    $query = $wpdb->prepare(
+                        "DELETE FROM {$aicpOBJ->table_name} WHERE {$aicpOBJ->table_name}.id IN ($selectedID)",
+                        $fetchedID
+                    );
+                    $wpdb->query( $query );
+            $this->delete_notice( true );
+                }
+            }
+            /* End of handelling the deletion process */
+            /* Now it's time to show our data */
             ?>
             <div class="wrap">

ad-invalid-click-protector/trunk/inc/banned_user_table.php

@@ -34 +34 @@
         public function column_ip( $item ) {
             $actions = array(
-                'delete'    => sprintf( '<a class="aicp_delete" href="?page=%s&action=%s&id=%s">Delete</a>', $_REQUEST['page'], 'delete', $item->id ),
+                'delete'    => sprintf( '<a class="aicp_delete" href="?page=%s&action=%s&id=%s&nonce=%s">Delete</a>', $_REQUEST['page'], 'delete', $item->id, wp_create_nonce( 'delete_banned_user' ) ),
             );