
Merge pull request #124 from Themefic-Team/staging
= 2.11.22 - 21 March 2024 =
Ashik384 authored Mar 21, 2024
2 parents 8d93164 + 96c4940 commit 2e66616
Showing 25 changed files with 53 additions and 94 deletions.
3 changes: 1 addition & 2 deletions admin/tf-options/classes/TF_Metabox.php
Expand Up @@ -149,8 +149,7 @@ public function tf_meta_box_content( $post ) {
*/
public function save_metabox( $post_id ) {
// Check if a nonce is valid.

if ( !empty($_POST['tf_meta_box_nonce']) && ! wp_verify_nonce( esc_attr($_POST['tf_meta_box_nonce']), 'tf_meta_box_nonce_action' ) ) {
if ( !isset($_POST['tf_meta_box_nonce']) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['tf_meta_box_nonce'])), 'tf_meta_box_nonce_action' ) ) {
return;
}

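Review bot: The nonce check on the new `if` line is now correct, but a nonce only proves the request came from the plugin's own form; save_metabox continues past the hunk and nothing visible confirms the caller may edit the post. If the rest of the body does not already do so, add `if ( ! current_user_can( 'edit_post', $post_id ) ) { return; }` after the nonce guard, and skip autosave/revision saves with `if ( wp_is_post_autosave( $post_id ) || wp_is_post_revision( $post_id ) ) { return; }`. The same observation applies to save_taxonomy in TF_Taxonomy_Metabox.php (`edit_term`) and tf_save_extra_user_profile_fields in functions-helper.php (`edit_user`), whose bodies also run beyond their hunks.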
2 changes: 1 addition & 1 deletion admin/tf-options/classes/TF_Settings.php
Expand Up @@ -871,7 +871,7 @@ public function tf_ajax_save_options() {
'message' => __( 'Something went wrong!', 'tourfic' ),
];

if( ! empty( $_POST['tf_option_nonce'] ) && wp_verify_nonce( $_POST['tf_option_nonce'], 'tf_option_nonce_action' ) ) {
if( isset( $_POST['tf_option_nonce'] ) || wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['tf_option_nonce'])), 'tf_option_nonce_action' ) ) {

if(isset($_POST['tf_import_option']) && !empty(wp_unslash( trim( $_POST['tf_import_option']) )) ){

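Review bot: The rewritten condition at the new `if` line is inverted: `isset( $_POST['tf_option_nonce'] ) || wp_verify_nonce( … )` is satisfied by any request that merely contains a `tf_option_nonce` field, whatever its value, so the option import/save below it runs without a verified nonce, whereas the removed line required both. Because this block is the positive branch, it needs `&&`: `if ( isset( $_POST['tf_option_nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['tf_option_nonce'] ) ), 'tf_option_nonce_action' ) ) {`. When the field is absent the current code also evaluates `wp_unslash()` on an undefined index, which emits a PHP warning before the check fails. tf_ajax_save_options continues outside the hunk; a `current_user_can( 'manage_options' )` check is not visible here and should be confirmed.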
2 changes: 1 addition & 1 deletion admin/tf-options/classes/TF_Taxonomy_Metabox.php
Expand Up @@ -112,7 +112,7 @@ public function tf_taxonomy_content( $term ) {
public function save_taxonomy( $term_id ) {

// Check if a nonce is valid.
if ( !empty($_POST['tf_taxonomy_nonce']) && ! wp_verify_nonce( esc_attr($_POST['tf_taxonomy_nonce']), 'tf_taxonomy_nonce_action' ) ) {
if ( !isset($_POST['tf_taxonomy_nonce']) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['tf_taxonomy_nonce'])), 'tf_taxonomy_nonce_action' ) ) {
return;
}

6 changes: 0 additions & 6 deletions inc/booking-details/apartment/booking-details.php
@@ -1,9 +1,3 @@
<?php
if ( !empty($_REQUEST['nonce']) && ! wp_verify_nonce( esc_attr($_REQUEST['nonce']), 'updates' ) ) {
// This nonce is not valid.
die( esc_html_e( 'Security Reasons', 'tourfic' ) );
}
?>
<div class="tf-booking-header-filter">
<div class="tf-left-search-filter">
<div class="tf-bulk-action-form">
7 changes: 1 addition & 6 deletions inc/booking-details/apartment/single-booking-details.php
Expand Up @@ -8,12 +8,7 @@
<?php esc_html_e("Back", "tourfic"); ?>
</a>
</div>
<?php
if ( ! wp_verify_nonce( esc_attr($_REQUEST['nonce']), 'tf_booking_details' ) ) {
// This nonce is not valid.
die( esc_html_e( 'Security Reasons', 'tourfic' ) );
}

<?php
global $wpdb;
$tf_order_details = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}tf_order_data WHERE id = %s AND order_id = %s",sanitize_key( $_GET['book_id'] ), sanitize_key( $_GET['order_id'] ) ) );
?>
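Review bot: With the `tf_booking_details` nonce check removed, the new side reads `$_GET['book_id']` and `$_GET['order_id']` straight into `sanitize_key()` with no `isset()`, so a request missing either key raises an undefined-index warning and sends an empty value into the query; the prepared statement itself is fine. Guard the inputs before the query, e.g. `$book_id = isset( $_GET['book_id'] ) ? sanitize_key( wp_unslash( $_GET['book_id'] ) ) : '';` and the same for `$order_id`, and bail out when either is empty. Whether the surrounding admin screen still applies a capability check is not visible in this hunk and should be confirmed, since the nonce was the only gate shown here. The identical change in hotel/single-booking-details.php and tour/single-booking-details.php has the same issue.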
6 changes: 0 additions & 6 deletions inc/booking-details/hotel/booking-details.php
@@ -1,9 +1,3 @@
<?php
if ( !empty($_REQUEST['nonce']) && ! wp_verify_nonce( esc_attr($_REQUEST['nonce']), 'updates' ) ) {
// This nonce is not valid.
die( esc_html_e( 'Security Reasons', 'tourfic' ) );
}
?>
<div class="tf-booking-header-filter">
<div class="tf-left-search-filter">
<div class="tf-bulk-action-form">
7 changes: 1 addition & 6 deletions inc/booking-details/hotel/single-booking-details.php
Expand Up @@ -8,12 +8,7 @@
<?php esc_html_e("Back", "tourfic"); ?>
</a>
</div>
<?php
if ( ! wp_verify_nonce( esc_attr($_REQUEST['nonce']), 'tf_booking_details' ) ) {
// This nonce is not valid.
die( esc_html_e( 'Security Reasons', 'tourfic' ) );
}

<?php
global $wpdb;
$tf_order_details = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}tf_order_data WHERE id = %s AND order_id = %s",sanitize_key( $_GET['book_id'] ), sanitize_key( $_GET['order_id'] ) ) );
?>
6 changes: 0 additions & 6 deletions inc/booking-details/tour/booking-details.php
@@ -1,9 +1,3 @@
<?php
if ( !empty($_REQUEST['nonce']) && ! wp_verify_nonce( esc_attr($_REQUEST['nonce']), 'updates' ) ) {
// This nonce is not valid.
die( esc_html_e( 'Security Reasons', 'tourfic' ) );
}
?>
<div class="tf-booking-header-filter">
<div class="tf-left-search-filter">
<div class="tf-bulk-action-form">
7 changes: 1 addition & 6 deletions inc/booking-details/tour/single-booking-details.php
Expand Up @@ -8,12 +8,7 @@
<?php esc_html_e("Back", "tourfic"); ?>
</a>
</div>
<?php
if ( ! wp_verify_nonce( esc_attr($_REQUEST['nonce']), 'tf_booking_details' ) ) {
// This nonce is not valid.
die( esc_html_e( 'Security Reasons', 'tourfic' ) );
}

<?php
global $wpdb;
$tf_order_details = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}tf_order_data WHERE id = %s AND order_id = %s",sanitize_key( $_GET['book_id'] ), sanitize_key( $_GET['order_id'] ) ) );
?>
16 changes: 8 additions & 8 deletions inc/classes/class-setup-wizard.php
Expand Up @@ -257,7 +257,7 @@ private function tf_setup_step_travelfic() {
</svg>
</div>
</div>
<p class="tf-setup-step-desc"><?php esc_html_e( "Travelfic is a WordPress theme created by us to improve your site’s frontend. While Tourfic </br>manages your backend and booking, Travelfic ensures your travel site looks great and </br>operates smoothly. ", "tourfic" ) ?><a href="https://wordpress.org/themes/travelfic/" target="_blank"><?php esc_html_e("Know more about Travelfic", "tourfic"); ?></a></p>
<p class="tf-setup-step-desc"><?php esc_html_e( "Travelfic is a WordPress theme created by us to improve your site’s frontend. While Tourfic manages your backend and booking, Travelfic ensures your travel site looks great and operates smoothly. ", "tourfic" ) ?><a href="https://wordpress.org/themes/travelfic/" target="_blank"><?php esc_html_e("Know more about Travelfic", "tourfic"); ?></a></p>

<div class="setup-theme-style">
<img src="<?php echo esc_url(TF_ASSETS_ADMIN_URL) . 'images/themes.png' ?>" alt="<?php esc_attr_e( 'Travelfic Theme', 'tourfic' ) ?>">
Expand Down Expand Up @@ -425,7 +425,7 @@ private function tf_setup_step_three() {

<div class="tf-hotel-setup-wizard">
<h3 class="tf-setup-step-subtitle"><?php esc_html_e( 'Hotel settings', 'tourfic' ) ?></h3>
<p class="tf-setup-step-desc"><?php esc_html_e( 'These settings can be overridden from <span>Tourfic Settings > Hotel Settings</span>', 'tourfic' ) ?></p>
<p class="tf-setup-step-desc"><?php echo wp_kses_post( 'These settings can be overridden from <span>Tourfic Settings > Hotel Settings</span>' ) ?></p>

<div class="setup-form-group tf-setup-group-general">
<!--Review Section-->
Expand Down Expand Up @@ -464,7 +464,7 @@ class="tf-switch" <?php echo empty( $tf_hotel_share ) ? esc_attr( 'checked' ) :

<div class="tf-tour-setup-wizard">
<h3 class="tf-setup-step-subtitle"><?php esc_html_e( 'Tour settings', 'tourfic' ) ?></h3>
<p class="tf-setup-step-desc"><?php esc_html_e( 'These settings can be overridden from <span>Tourfic Settings > Tour Settings</span>', 'tourfic' ) ?></p>
<p class="tf-setup-step-desc"><?php echo wp_kses_post( 'These settings can be overridden from <span>Tourfic Settings > Tour Settings</span>' ) ?></p>

<div class="setup-form-group tf-setup-group-general">
<!--Review Section-->
Expand Down Expand Up @@ -503,7 +503,7 @@ class="tf-switch" <?php echo empty( $tf_tour_related ) ? esc_attr( 'checked' ) :

<div class="tf-apartment-setup-wizard">
<h3 class="tf-setup-step-subtitle"><?php esc_html_e( 'Apartment settings', 'tourfic' ) ?></h3>
<p class="tf-setup-step-desc"><?php esc_html_e( 'These settings can be overridden from <span>Tourfic Settings > Apartment Settings</span>', 'tourfic' ) ?></p>
<p class="tf-setup-step-desc"><?php echo wp_kses_post( 'These settings can be overridden from <span>Tourfic Settings > Apartment Settings</span>' ) ?></p>

<div class="setup-form-group">
<!--Review Section-->
Expand Down Expand Up @@ -590,7 +590,7 @@ private function tf_setup_step_four() {
<div class="tf-hotel-setup-wizard">

<h3 class="tf-setup-step-subtitle"><?php esc_html_e( 'Hotel Template', 'tourfic' ) ?></h3>
<p class="tf-setup-step-desc"><?php esc_html_e( 'These settings can be overridden from <span>Tourfic Settings > Hotel Settings</span>', 'tourfic' ) ?></p>
<p class="tf-setup-step-desc"><?php echo wp_kses_post( 'These settings can be overridden from <span>Tourfic Settings > Hotel Settings</span>' ) ?></p>

<div class="setup-form-group">
<!--Hotel Single Template-->
Expand Down Expand Up @@ -670,7 +670,7 @@ private function tf_setup_step_four() {
<div class="tf-tour-setup-wizard">

<h3 class="tf-setup-step-subtitle"><?php esc_html_e( 'Tour settings', 'tourfic' ) ?></h3>
<p class="tf-setup-step-desc"><?php esc_html_e( 'These settings can be overridden from <span>Tourfic Settings > Tour Settings</span>', 'tourfic' ) ?></p>
<p class="tf-setup-step-desc"><?php echo wp_kses_post( 'These settings can be overridden from <span>Tourfic Settings > Tour Settings</span>' ) ?></p>

<div class="setup-form-group">

Expand Down Expand Up @@ -752,7 +752,7 @@ private function tf_setup_step_four() {
<div class="tf-apartment-setup-wizard">

<h3 class="tf-setup-step-subtitle"><?php esc_html_e( 'Apartment settings', 'tourfic' ) ?></h3>
<p class="tf-setup-step-desc"><?php esc_html_e( 'These settings can be overridden from <span>Tourfic Settings > Apartment Settings</span>', 'tourfic' ) ?></p>
<p class="tf-setup-step-desc"><?php wp_kses_post( 'These settings can be overridden from <span>Tourfic Settings > Apartment Settings</span>' ) ?></p>

<div class="setup-form-group">

Expand Down Expand Up @@ -939,7 +939,7 @@ private function tf_setup_wizard_steps_header( $active_step = 1 ) {
function tf_setup_wizard_submit_ajax() {

// Add nonce for security and authentication.
if ( isset( $_POST['tf_setup_wizard_nonce'] ) && ! wp_verify_nonce( $_POST['tf_setup_wizard_nonce'], 'tf_setup_wizard_action' ) ) {
if ( !isset( $_POST['tf_setup_wizard_nonce'] ) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['tf_setup_wizard_nonce'])), 'tf_setup_wizard_action' ) ) {
return;
}

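Review bot: The `@@ -752` hunk drops the `echo`: `<?php wp_kses_post( '…Apartment Settings</span>' ) ?>` computes the filtered string and discards it, so the apartment description on the template step renders as an empty paragraph, unlike the five sibling lines that use `echo wp_kses_post( … )`. All six rewritten lines also replaced `esc_html_e( …, 'tourfic' )` with a bare literal, so the text is no longer translatable; keep the text domain by writing `<?php echo wp_kses_post( __( 'These settings can be overridden from <span>Tourfic Settings > Apartment Settings</span>', 'tourfic' ) ); ?>` and likewise for the other five. The nonce fix in tf_setup_wizard_submit_ajax at the last hunk is correct, but its body continues outside the hunk and no capability check is visible; confirm `current_user_can( 'manage_options' )` is enforced before settings are written.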
5 changes: 2 additions & 3 deletions inc/functions.php
Expand Up @@ -1773,7 +1773,7 @@ function dateSetToFields(selectedDates, instance) {
add_action( 'wp_ajax_tf_trigger_filter', 'tf_search_result_ajax_sidebar' );
function tf_search_result_ajax_sidebar() {
// Check nonce security
if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( $_POST['_nonce'], 'tf_ajax_nonce' ) ) {
if ( !isset( $_POST['_nonce'] ) || !wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['_nonce'])), 'tf_ajax_nonce' ) ) {
return;
}
/**
Expand Down Expand Up @@ -2986,8 +2986,7 @@ function tf_affiliate_install_callback() {
'status' => 'error',
'message' => esc_html__( 'Something went wrong. Please try again.', 'tourfic' )
];
$nonce = isset( $_POST['nonce'] ) ? sanitize_text_field( $_POST['nonce'] ) : '';
if ( ! wp_verify_nonce( $nonce, 'tf_affiliate_install' ) ) {
if ( !isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash($_POST['nonce']) ), 'tf_affiliate_install' ) ) {
wp_send_json_error( $response );
}
if ( current_user_can( 'activate_plugins' ) ) {
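Review bot: tf_search_result_ajax_sidebar still bails out with a bare `return;` on a failed nonce, so admin-ajax answers the request with `0` and HTTP 200 and the frontend cannot tell a rejected request from an empty result; the sibling tf_affiliate_install_callback hunk uses `wp_send_json_error( $response )` for the same case. Use the same pattern here, `wp_send_json_error( array( 'message' => esc_html__( 'Nonce verification failed', 'tourfic' ) ) );` in place of the `return;`, so failures are surfaced consistently. The nonce lines themselves are correct in both hunks; both functions continue past their hunks.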
10 changes: 7 additions & 3 deletions inc/functions/functions-apartment.php
Expand Up @@ -2594,7 +2594,7 @@ function tf_apartment_host_rating( $author_id ) {
if ( ! function_exists( 'tf_apartment_room_quick_view' ) ) {
function tf_apartment_room_quick_view() {
// Check nonce security
if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( $_POST['_nonce'], 'tf_ajax_nonce' ) ) {
if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['_nonce'])), 'tf_ajax_nonce' ) ) {
return;
}
$meta = get_post_meta( sanitize_text_field( $_POST['post_id'] ), 'tf_apartment_opt', true );
Expand Down Expand Up @@ -2891,23 +2891,27 @@ function tf_apartment_feature_assign_taxonomies( $post_id, $post, $old_status )
if ( ! function_exists( 'tf_apartments_search_ajax_callback' ) ) {
function tf_apartments_search_ajax_callback() {
// Check nonce security
if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( $_POST['_nonce'], 'tf_ajax_nonce' ) ) {
if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['_nonce'])), 'tf_ajax_nonce' ) ) {
return;
}
$response = [
'status' => 'error',
'status' => 'success',
'message' => '',
];

if ( tfopt( 'date_apartment_search' ) && ( ! isset( $_POST['check-in-out-date'] ) || empty( $_POST['check-in-out-date'] ) ) ) {
$response['message'] = esc_html__( 'Please select a date', 'tourfic' );
$response['status'] = 'error';
}

if ( tfopt( 'date_apartment_search' ) ) {
if ( ! empty( $_POST['check-in-out-date'] ) ) {
$response['query_string'] = str_replace( '&action=tf_apartments_search', '', http_build_query( $_POST ) );
$response['status'] = 'success';
}
}else{
$response['query_string'] = str_replace( '&action=tf_apartments_search', '', http_build_query( $_POST ) );
$response['status'] = 'success';
}

echo wp_json_encode( $response );
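Review bot: In the second hunk, after `'status' => 'success'` became the default, the two `$response['status'] = 'success';` assignments are dead and the nested `if`/`else` only exists to repeat the `http_build_query( $_POST )` line. The `str_replace( '&action=tf_apartments_search', … )` strip is also brittle: it misses `action` when it is the first key and leaves `_nonce` in the query string the client navigates to. Dropping both keys with `unset()` before building the query is simpler and does not depend on parameter order; the rewrite below keeps the same status/message outcomes. tf_apartments_search_ajax_callback continues past the hunk.
```php
$response = [
    'status'  => 'success',
    'message' => '',
];

if ( tfopt( 'date_apartment_search' ) && empty( $_POST['check-in-out-date'] ) ) {
    $response['status']  = 'error';
    $response['message'] = esc_html__( 'Please select a date', 'tourfic' );
} else {
    // Forward the search fields, minus the AJAX routing key and the nonce.
    $params = $_POST;
    unset( $params['action'], $params['_nonce'] );
    $response['query_string'] = http_build_query( $params );
}
// … unchanged: echo wp_json_encode( $response ); …
```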
2 changes: 1 addition & 1 deletion inc/functions/functions-helper.php
Expand Up @@ -641,7 +641,7 @@ class="regular-text"/><br/>
*/
if ( ! function_exists( 'tf_save_extra_user_profile_fields' ) ) {
function tf_save_extra_user_profile_fields( $user_id ) {
if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'update-user_' . $user_id ) ) {
if ( !isset( $_POST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'update-user_' . $user_id ) ) {
return;
}

14 changes: 7 additions & 7 deletions inc/functions/functions-hotel.php
Expand Up @@ -333,7 +333,7 @@ function get_hotel_locations() {

function tf_hotel_airport_service_callback() {
// Check nonce security
if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( $_POST['_nonce'], 'tf_ajax_nonce' ) ) {
if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['_nonce'])), 'tf_ajax_nonce' ) ) {
return;
}
$meta = get_post_meta( sanitize_key( $_POST['id'] ), 'tf_hotels_opt', true );
Expand Down Expand Up @@ -702,7 +702,7 @@ function tf_hotel_airport_service_callback() {
function tf_room_availability_callback() {

// Check nonce security
if ( ! isset( $_POST['tf_room_avail_nonce'] ) || ! wp_verify_nonce( $_POST['tf_room_avail_nonce'], 'check_room_avail_nonce' ) ) {
if ( ! isset( $_POST['tf_room_avail_nonce'] ) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['tf_room_avail_nonce'])), 'check_room_avail_nonce' ) ) {
return;
}

Expand Down Expand Up @@ -3638,7 +3638,7 @@ function tf_remove_order_ids_from_room() {
*/
add_action( 'wp_ajax_tf_remove_room_order_ids', 'tf_remove_room_order_ids' );
function tf_remove_room_order_ids() {
if( !empty($_POST['_ajax_nonce']) && !wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['_ajax_nonce'] ) ), 'updates' ) ){
if( !isset($_POST['_ajax_nonce']) || !wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['_ajax_nonce'] ) ), 'updates' ) ){
return;
}

Expand Down Expand Up @@ -3674,7 +3674,7 @@ function tf_remove_room_order_ids() {

function tf_hotel_quickview_callback() {
// Check nonce security
if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( $_POST['_nonce'], 'tf_ajax_nonce' ) ) {
if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['_nonce'])), 'tf_ajax_nonce' ) ) {
return;
}
$meta = get_post_meta( $_POST['post_id'], 'tf_hotels_opt', true );
Expand Down Expand Up @@ -4081,7 +4081,7 @@ function tf_hotel_quickview_callback() {

function tf_hotel_archive_popup_qv_callback(){
// Check nonce security
if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( $_POST['_nonce'], 'tf_ajax_nonce' ) ) {
if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['_nonce'])), 'tf_ajax_nonce' ) ) {
return;
}
if( !empty($_POST['post_type']) && "tf_hotel"==$_POST['post_type']){
Expand Down Expand Up @@ -4187,7 +4187,7 @@ function tf_hotel_total_room_adult_child( $hotel_id, $type = 'room' ) {
if ( ! function_exists( 'tf_hotel_search_ajax_callback' ) ) {
function tf_hotel_search_ajax_callback() {
// Check nonce security
if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( $_POST['_nonce'], 'tf_ajax_nonce' ) ) {
if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['_nonce'])), 'tf_ajax_nonce' ) ) {
return;
}
$response = [
Expand Down Expand Up @@ -4260,7 +4260,7 @@ function tf_hotel_filter_by_features( $features ) {

function tf_hotel_booking_popup_callback() {
// Check nonce security
if ( ! isset( $_POST['tf_room_booking_nonce'] ) || ! wp_verify_nonce( $_POST['tf_room_booking_nonce'], 'check_room_booking_nonce' ) ) {
if ( ! isset( $_POST['tf_room_booking_nonce'] ) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['tf_room_booking_nonce'])), 'check_room_booking_nonce' ) ) {
return;
}

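Review bot: tf_hotel_quickview_callback, on the context line right after the corrected nonce check in the `@@ -3674` hunk, still passes `$_POST['post_id']` to `get_post_meta()` raw and without `isset()`, so a request without the field emits an undefined-index warning into the AJAX output and an unvalidated value reaches the meta lookup; the other callbacks in this file at least wrap their ids in `sanitize_key()`. Read it as `$post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;` and pass `$post_id` to `get_post_meta()`, bailing out when it is 0. The `@@ -333` hunk's `sanitize_key( $_POST['id'] )` has the same missing `isset()`. The nonce lines themselves are correct in all seven hunks, and each function continues past its hunk.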
2 changes: 1 addition & 1 deletion inc/functions/functions-review.php
Expand Up @@ -291,7 +291,7 @@ function tf_save_rating( $comment_id, $comment_approved, $commentdata ) {
// Get the post ID from the comment data
$post_id = $commentdata['comment_post_ID'];
// Check nonce security
if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) || ! wp_verify_nonce( $_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $post_id ) ) {
if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['_wp_unfiltered_html_comment'])), 'unfiltered-html-comment_' . $post_id ) ) {
return;
}
if ( ( isset( $_POST[ TF_COMMENT_META ] ) ) && ( '' !== $_POST[ TF_COMMENT_META ] ) ) {
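Review bot: tf_save_rating verifies `_wp_unfiltered_html_comment`, which is the nonce WordPress core adds to the comment form only for users holding the `unfiltered_html` capability; for every other commenter the field is absent, the new `! isset( … )` guard returns early, and the rating is never saved. The commit keeps that nonce name, so the sanitization fix does not change this. Emit a plugin-owned nonce in the rating form, e.g. `wp_nonce_field( 'tf_save_rating_' . $post_id, 'tf_rating_nonce' );`, and verify it here as `wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['tf_rating_nonce'] ) ), 'tf_save_rating_' . $post_id )`. The behaviour of the core field is inferred from WordPress core rather than visible here, so confirm it against the form template; tf_save_rating continues past the hunk.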
4 changes: 2 additions & 2 deletions inc/functions/functions-tour.php
Expand Up @@ -3530,7 +3530,7 @@ function tf_filter_tour_by_without_date( $period, &$total_posts, array &$not_fou
if ( ! function_exists( 'tf_tour_search_ajax_callback' ) ) {
function tf_tour_search_ajax_callback() {
// Check nonce security
if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( $_POST['_nonce'], 'tf_ajax_nonce' ) ) {
if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['_nonce'])), 'tf_ajax_nonce' ) ) {
return;
}
$response = [
Expand Down Expand Up @@ -3707,7 +3707,7 @@ function tf_tour_type_assign_taxonomies( $post_id, $post, $old_status ) {
add_action( 'wp_ajax_tf_tour_booking_popup', 'tf_tour_booking_popup_callback' );
function tf_tour_booking_popup_callback() {
// Check nonce security
if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( $_POST['_nonce'], 'tf_ajax_nonce' ) ) {
if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['_nonce'])), 'tf_ajax_nonce' ) ) {
return;
}
$response = array();
12 changes: 6 additions & 6 deletions inc/functions/functions-wishlist.php
Expand Up @@ -15,8 +15,8 @@
function tf_add_to_wishlists()
{
// Check nonce security
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'wishlist-nonce' ) ) {
die('Whoops!');
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['nonce'])), 'wishlist-nonce' ) ) {
die(esc_html_e( 'Nonce verification failed', 'tourfic' ));
}

if (isset($_POST)) {
Expand Down Expand Up @@ -119,8 +119,8 @@ function tf_generate_table_for_user($type)
function tf_generate_table_guest()
{
// Check nonce security
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'populate-wishlist-guest-nonce' ) ) {
die('Whoops!');
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['nonce'])), 'populate-wishlist-guest-nonce' ) ) {
die(esc_html_e( 'Nonce verification failed', 'tourfic' ));
}

if (isset($_POST)) {
Expand Down Expand Up @@ -157,8 +157,8 @@ function tf_generate_table($ids, $type = null)
function tf_remove_wishlist()
{
// Check nonce security
if ( ! isset( $_GET['nonce'] ) || ! wp_verify_nonce( $_GET['nonce'], 'wishlist-nonce' ) ) {
die('Whoops!');
if ( ! isset( $_GET['nonce'] ) || ! wp_verify_nonce( sanitize_text_field(wp_unslash($_GET['nonce'])), 'wishlist-nonce' ) ) {
die(esc_html_e( 'Nonce verification failed', 'tourfic' ));
}

if (isset($_GET)) {
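Review bot: The three new `die( esc_html_e( 'Nonce verification failed', 'tourfic' ) )` lines (hunks `@@ -15`, `@@ -119`, `@@ -157`) pass the return value of `esc_html_e()`, which echoes and returns nothing, so `die()` receives null rather than the message; the text appears only as a side effect of the echo. Use the returning variant, `wp_die( esc_html__( 'Nonce verification failed', 'tourfic' ) );`, or for these AJAX endpoints `wp_send_json_error( esc_html__( 'Nonce verification failed', 'tourfic' ) );` so the client receives a structured failure. The nonce checks themselves are correct; the `if ( isset( $_POST ) )` context lines that follow are always true and could be dropped in a separate change. All three functions continue past their hunks.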
