Merge pull request #17866 from woocommerce/fix/17850

Confirm navigation if nonce has expired in reports.
2017-11-22 16:09:38 -02:00 · 2017-11-22 16:09:38 -02:00 · 1f156620e3
parent 39e27196c4 2b1243ea04
commit 1f156620e3
1 changed files with 6 additions and 2 deletions
--- a/includes/admin/reports/class-wc-admin-report.php
+++ b/includes/admin/reports/class-wc-admin-report.php
@ -658,8 +658,12 @@ class WC_Admin_Report {
 			return;
 		}

-		if ( ! isset( $_GET['wc_reports_nonce'] ) || ! wp_verify_nonce( $_GET['wc_reports_nonce'], 'custom_range' ) ) {
-			wp_safe_redirect( remove_query_arg( array( 'start_date', 'end_date', 'range', 'wc_reports_nonce' ) ) );
+		if ( ! isset( $_GET['wc_reports_nonce'] ) || ! wp_verify_nonce( sanitize_key( $_GET['wc_reports_nonce'] ), 'custom_range' ) ) { // WPCS: input var ok, CSRF ok.
+			wp_die(
+				/* translators: %1$s: open link, %2$s: close link */
+				sprintf( esc_html__( 'This report link has expired. %1$sClick here to view the filtered report%2$s.', 'woocommerce' ), '<a href="' . esc_url( wp_nonce_url( esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ), 'custom_range', 'wc_reports_nonce' ) ) . '">', '</a>' ), // @codingStandardsIgnoreLine.
+				esc_attr__( 'Confirm navigation', 'woocommerce' )
+			);
 			exit;
 		}
 	}