This commit is contained in:
Paul Sealock 2019-03-08 10:48:26 +13:00
parent ea4407de99
commit 14d9678513
1 changed files with 3 additions and 3 deletions


@ -179,7 +179,7 @@ class WC_Admin {
public function prevent_admin_access() {
$prevent_access = false;
if ( apply_filters( 'woocommerce_disable_admin_bar', true ) && ! is_ajax() && basename( wp_unslash( $_SERVER['SCRIPT_FILENAME'] ) ) !== 'admin-post.php' ) {
if ( apply_filters( 'woocommerce_disable_admin_bar', true ) && ! is_ajax() && isset( $_SERVER['SCRIPT_FILENAME'] ) && basename( sanitize_text_field( wp_unslash( $_SERVER['SCRIPT_FILENAME'] ) ) ) !== 'admin-post.php' ) {
$has_cap = false;
$access_caps = array( 'edit_posts', 'manage_woocommerce', 'view_admin_dashboard' );
@ -207,7 +207,7 @@ class WC_Admin {
public function preview_emails() {
if ( isset( $_GET['preview_woocommerce_mail'] ) ) {
if ( ! wp_verify_nonce( wp_unslash( $_REQUEST['_wpnonce'], 'preview-mail' ) ) ) {
if ( ! ( isset( $_REQUEST['_wpnonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'], 'preview-mail' ) ) ) ) ) {
die( 'Security check' );
}
@ -229,7 +229,7 @@ class WC_Admin {
$message = apply_filters( 'woocommerce_mail_content', $email->style_inline( $mailer->wrap_message( $email_heading, $message ) ) );
// print the preview email.
echo $message;
echo esc_html( $message );
exit;
}
}
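Review bot: In the rewritten nonce check of the second hunk (`preview_emails()`), the `'preview-mail'` action is still passed as a second argument to `wp_unslash()` instead of to `wp_verify_nonce()`, so the extra argument is silently ignored and `wp_verify_nonce()` runs with its default action; the commit reshuffles this line without fixing the parenthesization, so the preview-specific action is still never checked. It should read `if ( ! ( isset( $_REQUEST['_wpnonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'preview-mail' ) ) ) {`. The body of `preview_emails()` continues outside the hunk. Separately, in the third hunk `echo esc_html( $message );` will print the escaped HTML source rather than render the preview, since `$message` comes from `style_inline()`/`wrap_message()` and appears to be the full HTML email; the output escape should match the HTML-document context (a kses-based filter, or a deliberately commented raw echo justified by the nonce and capability gate) rather than `esc_html`.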