author | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-19 20:57:47 +0000 |
---|---|---|
committer | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-19 20:57:47 +0000 |
commit | d1d82adca1dbb02382d7ccf49b8830816e8fa00f (patch) | |
tree | ba061c2b4c1f06cc67efcee7b85a3c8c25162905 /Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php | |
parent | 7aa4390a6702059342aad220e53e3aa4efc9caad (diff) | |
download | Post-SMTP-d1d82adca1dbb02382d7ccf49b8830816e8fa00f.zip |
Security issues
Diffstat (limited to 'Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php')
-rw-r--r-- | Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php b/Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php
index b569c98..1a207c8 100644
--- a/Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php
+++ b/Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php
@@ -1,4 +1,8 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
 class PostmanSendTestEmailController {
 const EMAIL_TEST_SLUG = 'postman/email_test';
 const RECIPIENT_EMAIL_FIELD_NAME = 'postman_recipient_email';
@@ -127,6 +131,8 @@ class PostmanSendTestEmailController {
 printf( '<form id="postman_test_email_wizard" method="post" action="%s">', PostmanUtils::getSettingsPageUrl() );
+ wp_nonce_field('post-smtp', 'security' );
+
 // Step 1
 printf( '<h5>%s</h5>', __( 'Specify the Recipient', 'post-smtp' ) );
 print '<fieldset>';
@@ -199,6 +205,9 @@ class PostmanSendTestEmailAjaxController extends PostmanAbstractAjaxHandler {
 * This Ajax sends a test email
 */
 function sendTestEmailViaAjax() {
+
+ check_admin_referer('post-smtp', 'security');
+
 // get the email address of the recipient from the HTTP Request
 $email = $this->getRequestParameter( 'email' ); |
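Review bot: The action string `'post-smtp'` passed to `wp_nonce_field()` in the test-email form hunk is generic, so a nonce minted for any other form that uses the same action would also pass the check added to `sendTestEmailViaAjax()`; whether other forms reuse it is not visible in this diff. Binding the token to the operation, for example `wp_nonce_field( 'post-smtp-send-test-email', 'security' );` (action name constructed here) with the same string in the verifying call, confines a leaked nonce to this one action. The script that submits the wizard over AJAX must also forward the `security` field, and that script is outside this file's diff, so confirm it does before relying on the check. The enclosing method starts and ends outside the hunk.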
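Review bot: The nonce check added at the top of `sendTestEmailViaAjax()` stops cross-site request forgery but does not authorize the caller, and no capability check is visible in this hunk. If the AJAX action is registered for all logged-in users, any account that can obtain a valid nonce could trigger outbound mail. Unless `PostmanAbstractAjaxHandler` already enforces it (not shown here), add a guard such as `if ( ! current_user_can( 'manage_options' ) ) { wp_send_json_error( null, 403 ); }`, using the plugin's own management capability if it defines one. For an AJAX endpoint, `check_ajax_referer( 'post-smtp', 'security' );` is the conventional call, because it fails with a short 403 response rather than the HTML page `check_admin_referer()` produces. The method body continues past the end of the hunk.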