Changeset 3096000 for popup-builder/trunk/com/classes/Ajax.php
- Timestamp:
- 06/01/2024 10:28:10 AM (11 months ago)
- File:
-
- 1 edited
-
popup-builder/trunk/com/classes/Ajax.php (modified) (22 diffs)
popup-builder/trunk/com/classes/Ajax.php
r3085485 r3096000 92 92 } 93 93 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 94 /** 95 * We only allow administrator to do this action 96 */ 97 if ( ! current_user_can( 'manage_options' ) ) { 98 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 99 } 94 100 if (!isset($_POST['post_ID'])){ 95 101 wp_die(0); … … 130 136 { 131 137 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 138 /** 139 * We only allow administrator to do this action 140 */ 141 if ( ! current_user_can( 'manage_options' ) ) { 142 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 143 } 132 144 update_option('SGPBCloseReviewPopup-notification', true); 133 145 do_action('sgpbGetNotifications'); … … 138 150 { 139 151 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 152 /** 153 * We only allow administrator to do this action 154 */ 155 if ( ! current_user_can( 'manage_options' ) ) { 156 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 157 } 140 158 $messageType = isset($_POST['messageType']) ? sanitize_text_field($_POST['messageType']) : ''; 141 159 … … 173 191 { 174 192 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 193 /** 194 * We only allow administrator to do this action 195 */ 196 if ( ! current_user_can( 'manage_options' ) ) { 197 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 198 } 175 199 if (!isset($_POST['popupId'])){ 176 200 wp_die(0); … … 202 226 { 203 227 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 228 /** 229 * We only allow administrator to do this action 230 */ 231 if ( ! current_user_can( 'manage_options' ) ) { 232 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 233 } 204 234 update_option('sgpbDontShowAskReviewBanner', 1); 205 235 echo esc_html(SGPB_AJAX_STATUS_TRUE); … … 210 240 { 211 241 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 242 /** 243 * We only allow administrator to do this action 244 */ 245 if ( ! 
current_user_can( 'manage_options' ) ) { 246 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 247 } 212 248 update_option('sgpb_alert_problems', 1); 213 249 echo esc_html(SGPB_AJAX_STATUS_TRUE); … … 218 254 { 219 255 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 256 /** 257 * We only allow administrator to do this action 258 */ 259 if ( ! current_user_can( 'manage_options' ) ) { 260 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 261 } 220 262 update_option('sgpb_extensions_updated', 1); 221 263 echo esc_html(SGPB_AJAX_STATUS_TRUE); … … 226 268 { 227 269 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 270 /** 271 * We only allow administrator to do this action 272 */ 273 if ( ! current_user_can( 'manage_options' ) ) { 274 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 275 } 228 276 update_option('sgpb-hide-support-banner', 1); 229 277 do_action('sgpbGetNotifications'); … … 234 282 { 235 283 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 284 /** 285 * We only allow administrator to do this action 286 */ 287 if ( ! current_user_can( 'manage_options' ) ) { 288 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 289 } 236 290 update_option('sgpb-hide-license-notice-banner', 1); 237 291 wp_die(); … … 241 295 { 242 296 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 243 297 244 298 if(isset($_GET['sg_popup_preview_id']) && !isset($_POST['params'])) { 245 299 wp_die(0); … … 276 330 277 331 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 278 332 /** 333 * We only allow administrator to do this action 334 */ 335 if ( ! 
current_user_can( 'manage_options' ) ) { 336 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 337 } 279 338 if (empty($_POST['subscribersId'])){ 280 339 wp_die(); … … 293 352 294 353 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 354 /** 355 * We only allow administrator to do this action 356 */ 357 if ( ! current_user_can( 'manage_options' ) ) { 358 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 359 } 295 360 $status = SGPB_AJAX_STATUS_FALSE; 296 361 $firstName = isset($_POST['firstName']) ? sanitize_text_field($_POST['firstName']) : ''; … … 332 397 { 333 398 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 399 /** 400 * We only allow administrator to do this action 401 */ 402 if ( ! current_user_can( 'manage_options' ) ) { 403 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 404 } 334 405 $formId = isset($_POST['popupSubscriptionList']) ? (int)sanitize_text_field($_POST['popupSubscriptionList']) : ''; 335 406 $fileURL = isset($_POST['importListURL']) ? sanitize_text_field($_POST['importListURL']) : ''; … … 346 417 { 347 418 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 419 /** 420 * We only allow administrator to do this action 421 */ 422 if ( ! current_user_can( 'manage_options' ) ) { 423 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 424 } 348 425 ob_start(); 349 426 require_once SG_POPUP_VIEWS_PATH.'importPopupsView.php'; … … 358 435 { 359 436 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 437 /** 438 * We only allow administrator to do this action 439 */ 440 if ( ! current_user_can( 'manage_options' ) ) { 441 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 442 } 360 443 @ini_set('auto_detect_line_endings', '1'); 361 444 $formId = isset($_POST['popupSubscriptionList']) ? 
(int)sanitize_text_field($_POST['popupSubscriptionList']) : ''; … … 407 490 } 408 491 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 492 /** 493 * We only allow administrator to do this action 494 */ 495 if ( ! current_user_can( 'manage_options' ) ) { 496 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 497 } 498 409 499 global $wpdb; 410 500 … … 438 528 { 439 529 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 440 530 /** 531 * We only allow administrator to do this action 532 */ 533 if ( ! current_user_can( 'manage_options' ) ) { 534 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 535 } 441 536 $url = isset($_POST['iframeUrl']) ? esc_url_raw($_POST['iframeUrl']) : ''; 442 537 $status = SGPB_AJAX_STATUS_FALSE; … … 562 657 { 563 658 check_ajax_referer(SG_AJAX_NONCE, 'nonce'); 659 /** 660 * We only allow administrator to do this action 661 */ 662 if ( ! current_user_can( 'manage_options' ) ) { 663 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 664 } 564 665 // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized 565 666 $submissionData = isset($_POST['formData']) ? $_POST['formData'] : "[]"; … … 624 725 { 625 726 check_ajax_referer(SG_AJAX_NONCE, 'nonce_ajax'); 727 /** 728 * We only allow administrator to do this action 729 */ 730 if ( ! current_user_can( 'manage_options' ) ) { 731 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 732 } 626 733 627 734 $postTypeName = isset($_POST['searchKey']) ? sanitize_text_field($_POST['searchKey']) : ''; // TODO strongly validate postTypeName example: use ENUM … … 676 783 { 677 784 check_ajax_referer(SG_AJAX_NONCE, 'nonce_ajax'); 785 /** 786 * We only allow administrator to do this action 787 */ 788 if ( ! 
current_user_can( 'manage_options' ) ) { 789 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 790 } 678 791 global $SGPB_DATA_CONFIG_ARRAY; 679 792 … … 698 811 { 699 812 check_ajax_referer(SG_AJAX_NONCE, 'nonce_ajax'); 813 /** 814 * We only allow administrator to do this action 815 */ 816 if ( ! current_user_can( 'manage_options' ) ) { 817 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 818 } 700 819 $data = ''; 701 820 global $SGPB_DATA_CONFIG_ARRAY; … … 720 839 { 721 840 check_ajax_referer(SG_AJAX_NONCE, 'nonce_ajax'); 841 /** 842 * We only allow administrator to do this action 843 */ 844 if ( ! current_user_can( 'manage_options' ) ) { 845 wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder')); 846 } 722 847 $data = ''; 723 848 global $SGPB_DATA_CONFIG_ARRAY;
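Review bot: The same five-line capability check is pasted into roughly twenty handlers, and one handler in the section (the preview handler following the `check_ajax_referer(SG_AJAX_NONCE, 'nonce')` at old line 242) is the only one that receives no `current_user_can( 'manage_options' )` guard — presumably deliberate because preview has its own `sg_popup_preview_id`/`params` handling, but that is not visible here and is worth confirming. Because every copy is identical, a private helper called right after `check_ajax_referer()` would keep the policy in one place so a new handler cannot silently skip it. The helper is also the place to pass a response code: a bare `wp_die($message)` in an admin-ajax request answers with the translated string and, as far as the visible lines show, no explicit HTTP status, so a JS caller cannot distinguish "forbidden" from a normal reply; `wp_die(..., 403)` (wp_die accepts an integer response code) makes the refusal explicit, if the AJAX die handler in the supported WordPress versions honours it — confirm against the minimum version the plugin targets. The enclosing methods all start and end outside the shown hunks.
```php
/**
 * Stops the current AJAX request unless the caller may manage options.
 * Centralises the admin-only policy shared by every handler in this class
 * and answers with a 403 so clients can tell a refusal from an empty reply.
 */
private function dieUnlessAdmin()
{
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder'), 403);
    }
}
// … unchanged: each handler calls check_ajax_referer() and then $this->dieUnlessAdmin() …
```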