Verify that user can view reports before allowing export download.

Jeff Stieler 2019-07-01 12:06:25 -06:00
parent fbd231acf4
commit e6c445e1d4
1 changed files with 2 additions and 1 deletions


@ -172,7 +172,8 @@ class WC_Admin_Report_Exporter {
if (
isset( $_GET['action'] ) &&
! empty( $_GET['filename'] ) &&
self::DOWNLOAD_EXPORT_ACTION === wp_unslash( $_GET['action'] ) // WPCS: input var ok, sanitization ok.
self::DOWNLOAD_EXPORT_ACTION === wp_unslash( $_GET['action'] ) && // WPCS: input var ok, sanitization ok.
current_user_can( 'view_woocommerce_reports' )
) {
$exporter = new WC_Admin_Report_CSV_Exporter();
$exporter->set_filename( wp_unslash( $_GET['filename'] ) ); // WPCS: input var ok, sanitization ok.
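Review bot: The filename on the last line of the hunk still goes from `$_GET['filename']` into `set_filename()` with only `wp_unslash()` applied, and the `// WPCS: input var ok, sanitization ok.` comment suppresses the lint warning that would flag it. `set_filename()` is not visible here; unless it normalises the value itself, the call should be `$exporter->set_filename( sanitize_file_name( wp_unslash( $_GET['filename'] ) ) );` so the request cannot name anything outside the export directory. The added `current_user_can( 'view_woocommerce_reports' )` check is capability-wide, so any user with that capability can request any export by name. If exports are meant to be per-user, that binding needs to be enforced where the file is resolved. The body of the `if` continues outside the hunk.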