author | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-19 20:57:47 +0000 |
---|---|---|
committer | yehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664> | 2019-08-19 20:57:47 +0000 |
commit | d1d82adca1dbb02382d7ccf49b8830816e8fa00f (patch) | |
tree | ba061c2b4c1f06cc67efcee7b85a3c8c25162905 /Postman/PostmanViewController.php | |
parent | 7aa4390a6702059342aad220e53e3aa4efc9caad (diff) | |
download | Post-SMTP-d1d82adca1dbb02382d7ccf49b8830816e8fa00f.zip |
Security issues
Diffstat (limited to 'Postman/PostmanViewController.php')
-rw-r--r-- | Postman/PostmanViewController.php | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/Postman/PostmanViewController.php b/Postman/PostmanViewController.php index 55a56e9..7d5c35d 100644 --- a/Postman/PostmanViewController.php +++ b/Postman/PostmanViewController.php @@ -1,4 +1,7 @@ <?php +if ( ! defined( 'ABSPATH' ) ) { + exit; // Exit if accessed directly +} if ( ! class_exists( 'PostmanViewController' ) ) { class PostmanViewController { private $logger; @@ -46,19 +49,19 @@ if ( ! class_exists( 'PostmanViewController' ) ) { function dismiss_version_notify() { - check_ajax_referer( 'postsmtp', 'security' ); + check_admin_referer( 'postsmtp', 'security' ); $result = update_option('postman_release_version', true ); } function dismiss_donation_notify() { - check_ajax_referer( 'postsmtp', 'security' ); + check_admin_referer( 'postsmtp', 'security' ); $result = update_option('postman_dismiss_donation', true ); } function delete_lock_file() { - check_ajax_referer( 'postman', 'security' ); + check_admin_referer( 'postman', 'security' ); if ( ! PostmanUtils::lockFileExists() ) { echo __('No lock file found.', 'post-smtp' ); @@ -295,7 +298,7 @@ if ( ! class_exists( 'PostmanViewController' ) ) { print '</section>'; print '<section id="delete_settings">'; printf( '<h3><span>%s<span></h3>', $resetTitle ); - print '<form method="POST" action="' . get_admin_url() . 'admin-post.php">'; + print '<form class="post-smtp-reset-options" method="POST" action="' . get_admin_url() . 'admin-post.php">'; wp_nonce_field( PostmanAdminController::PURGE_DATA_SLUG ); printf( '<input type="hidden" name="action" value="%s" />', PostmanAdminController::PURGE_DATA_SLUG ); printf( '<p><span>%s</span></p><p><span>%s</span></p>', __( 'This will purge all of Postman\'s settings, including account credentials and the email log.', 'post-smtp' ), __( 'Are you sure?', 'post-smtp' ) ); 
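Review bot: The three handlers in the second hunk (`dismiss_version_notify`, `dismiss_donation_notify`, `delete_lock_file`) still act on a valid nonce alone; no capability check is visible before `update_option()` or the lock-file branch. A nonce ties a request to a session, not to a privilege level, so if these are hooked on `wp_ajax_*` (the registration is outside the hunk) any logged-in user who can obtain the nonce could reach them. I would add `if ( ! current_user_can( 'manage_options' ) ) { wp_die( -1, 403 ); }` (or the plugin's own management capability) right after each referer check. Note also that `check_admin_referer()` verifies the same nonce as `check_ajax_referer()` and differs mainly in how it fails, so the swap by itself does not tighten anything. `delete_lock_file()` continues past the end of the hunk.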
@@ -375,9 +378,6 @@ if ( ! class_exists( 'PostmanViewController' ) ) {
 printf( '<li><img class="align-middle" src="' . plugins_url( 'style/images/new.gif', dirname( __DIR__ ) . '/postman-smtp.php' ) . '"><a target="blank" class="align-middle" href="https://postmansmtp.com/category/guides/" class="welcome-icon postman_guides">%s</a></li>', __( 'Guides', 'post-smtp' ) );
 print '</ul></div></div></div></div>';
 ?>
- <div class="twitter-iframe-wrap" style="min-width: 300px;">
- <a class="twitter-timeline" data-height="304" href="https://twitter.com/PostSMTP?ref_src=twsrc%5Etfw">Tweets by PostSMTP</a> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
- </div>
 </div>
 <?php
 } |