Commit 71d5dfdb authored by Eric Windham's avatar Eric Windham

added auth check to create, update, and delete calls

parent dad0f768
......@@ -11,6 +11,12 @@ class NF_AJAX_Controllers_SavedFields extends NF_Abstracts_Controller
public function create()
{
// Does the current user have admin privileges
if (!current_user_can('manage_options')) {
$this->_errors[] = __('Access denied. You must have admin privileges to view this data.', 'ninja-forms');
$this->_respond();
}
check_ajax_referer( 'ninja_forms_builder_nonce', 'security' );
if( ! isset( $_POST[ 'field' ] ) || empty( $_POST[ 'field' ] ) ){
......@@ -32,6 +38,12 @@ class NF_AJAX_Controllers_SavedFields extends NF_Abstracts_Controller
public function update()
{
// Does the current user have admin privileges
if (!current_user_can('manage_options')) {
$this->_errors[] = __('Access denied. You must have admin privileges to view this data.', 'ninja-forms');
$this->_respond();
}
check_ajax_referer( 'ninja_forms_builder_nonce', 'security' );
if( ! isset( $_POST[ 'field' ] ) || empty( $_POST[ 'field' ] ) ){
......@@ -44,6 +56,12 @@ class NF_AJAX_Controllers_SavedFields extends NF_Abstracts_Controller
public function delete()
{
// Does the current user have admin privileges
if (!current_user_can('manage_options')) {
$this->_errors[] = __('Access denied. You must have admin privileges to view this data.', 'ninja-forms');
$this->_respond();
}
check_ajax_referer( 'ninja_forms_settings_nonce', 'security' );
if( ! isset( $_POST[ 'field' ] ) || empty( $_POST[ 'field' ] ) ){
......
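Review bot: The new guard in create() only stops an unprivileged caller if `$this->_respond()` ends the request, which these hunks do not show; if it returns, execution continues into `check_ajax_referer()` and the `$_POST['field']` handling below it. Adding `return;` directly after `$this->_respond();` makes the denial hold either way, and the same applies to the identical blocks in update() and delete(). The three copies could be one private helper, and the message says "to view this data" although these calls modify saved fields. Separately, delete() verifies `ninja_forms_settings_nonce` while create() and update() verify `ninja_forms_builder_nonce`; that line is unchanged context, but it is worth confirming the difference is intended. All three method bodies continue outside the hunks.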