authoryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-19 20:57:47 +0000
committeryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-19 20:57:47 +0000
commitd1d82adca1dbb02382d7ccf49b8830816e8fa00f (patch)
treeba061c2b4c1f06cc67efcee7b85a3c8c25162905 /Postman/PostmanViewController.php
parent7aa4390a6702059342aad220e53e3aa4efc9caad (diff)
Security issues
Diffstat (limited to 'Postman/PostmanViewController.php')
-rw-r--r--Postman/PostmanViewController.php14
1 files changed, 7 insertions, 7 deletions
diff --git a/Postman/PostmanViewController.php b/Postman/PostmanViewController.php
index 55a56e9..7d5c35d 100644
--- a/Postman/PostmanViewController.php
+++ b/Postman/PostmanViewController.php
@@ -1,4 +1,7 @@
<?php
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly
+}
if ( ! class_exists( 'PostmanViewController' ) ) {
class PostmanViewController {
private $logger;
@@ -46,19 +49,19 @@ if ( ! class_exists( 'PostmanViewController' ) ) {
function dismiss_version_notify() {
- check_ajax_referer( 'postsmtp', 'security' );
+ check_admin_referer( 'postsmtp', 'security' );
$result = update_option('postman_release_version', true );
}
function dismiss_donation_notify() {
- check_ajax_referer( 'postsmtp', 'security' );
+ check_admin_referer( 'postsmtp', 'security' );
$result = update_option('postman_dismiss_donation', true );
}
function delete_lock_file() {
- check_ajax_referer( 'postman', 'security' );
+ check_admin_referer( 'postman', 'security' );
if ( ! PostmanUtils::lockFileExists() ) {
echo __('No lock file found.', 'post-smtp' );
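Review bot: None of the three handlers in this hunk (`dismiss_version_notify`, `dismiss_donation_notify`, `delete_lock_file`) checks a capability after the nonce check, and a nonce only guards against cross-site request forgery; it does not establish that the current user may change options or remove the lock file. The hook registration is outside the hunk, so this is inferred, but if these are reachable by every logged-in role, each should start with something like `if ( ! current_user_can( 'manage_options' ) ) { wp_die( -1, 403 ); }`, using whichever capability the plugin gates its settings on. It is also worth a comment on why `check_admin_referer()` replaces `check_ajax_referer()`: its failure path goes through `wp_nonce_ays()`, which is written for page requests rather than AJAX callers. The body of `delete_lock_file` continues past the end of the hunk.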
@@ -295,7 +298,7 @@ if ( ! class_exists( 'PostmanViewController' ) ) {
print '</section>';
print '<section id="delete_settings">';
printf( '<h3><span>%s<span></h3>', $resetTitle );
- print '<form method="POST" action="' . get_admin_url() . 'admin-post.php">';
+ print '<form class="post-smtp-reset-options" method="POST" action="' . get_admin_url() . 'admin-post.php">';
wp_nonce_field( PostmanAdminController::PURGE_DATA_SLUG );
printf( '<input type="hidden" name="action" value="%s" />', PostmanAdminController::PURGE_DATA_SLUG );
printf( '<p><span>%s</span></p><p><span>%s</span></p>', __( 'This will purge all of Postman\'s settings, including account credentials and the email log.', 'post-smtp' ), __( 'Are you sure?', 'post-smtp' ) );
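Review bot: The rewritten `<form>` line still concatenates `get_admin_url()` into the `action` attribute without escaping, and since that URL passes through filters it should be escaped at output: `print '<form class="post-smtp-reset-options" method="POST" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';`. The `printf` just above prints `$resetTitle` the same way, so unless it is escaped where it is assigned (outside the hunk) it should become `esc_html( $resetTitle )`. The new class looks like a hook for a client-side confirmation, which is a usability guard only. The handler for `PostmanAdminController::PURGE_DATA_SLUG` is not visible here and must keep verifying the nonce and the caller's capability itself. The enclosing function starts and ends outside the hunk.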
@@ -375,9 +378,6 @@ if ( ! class_exists( 'PostmanViewController' ) ) {
printf( '<li><img class="align-middle" src="' . plugins_url( 'style/images/new.gif', dirname( __DIR__ ) . '/postman-smtp.php' ) . '"><a target="blank" class="align-middle" href="https://postmansmtp.com/category/guides/" class="welcome-icon postman_guides">%s</a></li>', __( 'Guides', 'post-smtp' ) );
print '</ul></div></div></div></div>';
?>
- <div class="twitter-iframe-wrap" style="min-width: 300px;">
- <a class="twitter-timeline" data-height="304" href="https://twitter.com/PostSMTP?ref_src=twsrc%5Etfw">Tweets by PostSMTP</a> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
- </div>
</div>
<?php
}