authoryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-19 20:57:47 +0000
committeryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-19 20:57:47 +0000
commitd1d82adca1dbb02382d7ccf49b8830816e8fa00f (patch)
treeba061c2b4c1f06cc67efcee7b85a3c8c25162905 /Postman/Postman-Send-Test-Email
parent7aa4390a6702059342aad220e53e3aa4efc9caad (diff)
Security issues
Diffstat (limited to 'Postman/Postman-Send-Test-Email')
-rw-r--r--Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php9
-rw-r--r--Postman/Postman-Send-Test-Email/postman_send_test_email.js3
2 files changed, 11 insertions, 1 deletions
diff --git a/Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php b/Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php
index b569c98..1a207c8 100644
--- a/Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php
+++ b/Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php
@@ -1,4 +1,8 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
+
class PostmanSendTestEmailController {
const EMAIL_TEST_SLUG = 'postman/email_test';
const RECIPIENT_EMAIL_FIELD_NAME = 'postman_recipient_email';
@@ -127,6 +131,8 @@ class PostmanSendTestEmailController {
printf( '<form id="postman_test_email_wizard" method="post" action="%s">', PostmanUtils::getSettingsPageUrl() );
+ wp_nonce_field('post-smtp', 'security' );
+
// Step 1
printf( '<h5>%s</h5>', __( 'Specify the Recipient', 'post-smtp' ) );
print '<fieldset>';
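Review bot: The nonce added by `wp_nonce_field('post-smtp', 'security' )` is bound to the generic action string `post-smtp`, so if other forms in the plugin mint nonces with the same action, any of them would also pass the check in `sendTestEmailViaAjax()`. An action specific to this operation, e.g. `wp_nonce_field( 'postman_send_test_email', 'security' );` with the same string in the handler, scopes the token to the test-email request. The script hunk in `postman_send_test_email.js` reads the value with `jQuery('#security')`, which relies on the generic element id that `wp_nonce_field` derives from the field name; a more specific field name would avoid a clash with another `security` element on the same admin page. A one-line comment such as `// CSRF token read by postman_send_test_email.js and verified in sendTestEmailViaAjax()` above the call would document the coupling. The enclosing method starts and ends outside the hunk.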
@@ -199,6 +205,9 @@ class PostmanSendTestEmailAjaxController extends PostmanAbstractAjaxHandler {
* This Ajax sends a test email
*/
function sendTestEmailViaAjax() {
+
+ check_admin_referer('post-smtp', 'security');
+
// get the email address of the recipient from the HTTP Request
$email = $this->getRequestParameter( 'email' );
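Review bot: The added `check_admin_referer('post-smtp', 'security');` at the top of `sendTestEmailViaAjax()` verifies request intent only, and no capability check is visible in this hunk. Unless `PostmanAbstractAjaxHandler` or the rest of the method (both outside the hunk) already enforces one, follow the nonce check with `if ( ! current_user_can( $required_capability ) ) { wp_send_json_error( null, 403 ); }`, where `$required_capability` is a placeholder for whatever capability the plugin requires for its settings page. For an admin-ajax handler `check_ajax_referer( 'post-smtp', 'security' );` is the better fit, because on failure it ends the request with a short `-1` response rather than the HTML "link expired" page, which the script's response handler can tell apart from a send result.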
diff --git a/Postman/Postman-Send-Test-Email/postman_send_test_email.js b/Postman/Postman-Send-Test-Email/postman_send_test_email.js
index c3e9f07..ab69d1f 100644
--- a/Postman/Postman-Send-Test-Email/postman_send_test_email.js
+++ b/Postman/Postman-Send-Test-Email/postman_send_test_email.js
@@ -107,7 +107,8 @@ function postHandleStepChange(event, currentIndex, priorIndex, myself) {
jQuery('li').addClass('disabled');
var data = {
'action' : 'postman_send_test_email',
- 'email' : jQuery(postman_email_test.recipient).val()
+ 'email' : jQuery(postman_email_test.recipient).val(),
+ 'security' : jQuery('#security').val()
};
jQuery('#postman_test_message_status').html(postman_email_test.sending);
jQuery('#postman_test_message_status').css('color', 'blue');