Merge pull request #16877 from nicoladj77/patch-1

Check for nonce when Cancelling Order.
Claudiu Lodromanean 2017-09-21 10:27:12 -07:00 committed by GitHub
commit abc43c473e
1 changed files with 6 additions and 1 deletions


@ -672,7 +672,12 @@ class WC_Form_Handler {
* Cancel a pending order.
*/
public static function cancel_order() {
if ( isset( $_GET['cancel_order'] ) && isset( $_GET['order'] ) && isset( $_GET['order_id'] ) ) {
if (
isset( $_GET['cancel_order'] ) &&
isset( $_GET['order'] ) &&
isset( $_GET['order_id'] ) &&
( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( $_GET['_wpnonce'], 'woocommerce-cancel_order' ) )
) {
nocache_headers();
$order_key = $_GET['order'];