Properly verify the nonce on the order tracking page.

Gerhard 2014-10-21 09:46:14 +02:00
parent 5c1ad63876
commit afc0ddf6e7
1 changed files with 1 additions and 3 deletions


@ -42,9 +42,7 @@ class WC_Shortcode_Order_Tracking {
global $post;
if ( ! empty( $_REQUEST['orderid'] ) ) {
wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-order_tracking' );
if ( ! empty( $_REQUEST['orderid'] ) && isset( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-order_tracking' ) ) {
$order_id = empty( $_REQUEST['orderid'] ) ? 0 : esc_attr( $_REQUEST['orderid'] );
$order_email = empty( $_REQUEST['order_email'] ) ? '' : esc_attr( $_REQUEST['order_email']) ;
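Review bot: The new `if` condition requires the nonce in `$_POST` but still reads `orderid` (and, below it, `order_email`) from `$_REQUEST`, so the CSRF token and the data it protects can arrive through different channels; reading all of them from `$_POST` keeps the check and the lookup input together, e.g. `if ( ! empty( $_POST['orderid'] ) && isset( $_POST['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_POST['_wpnonce'] ), 'woocommerce-order_tracking' ) ) {`. With the outer guard in place, the `empty( $_REQUEST['orderid'] ) ? 0 :` fallback on the next line can no longer be taken. Those two context lines also use `esc_attr()`, an output escaper, to clean input; `absint()` for the id and `sanitize_email()` for the address would match how the values are used. The rest of the block, including whatever happens when the nonce check fails, lies outside the hunk, so it is worth confirming that a failed check shows the visitor a notice instead of silently re-rendering the form.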