Commit ab9cca9c authored by Eric Windham

nonce now added to NF dashboard, duplicate, and delete

parent fb62715b
Pipeline #3620 passed with stages
in 1 minute and 40 seconds
......@@ -11,7 +11,7 @@ define( ['models/formModel'], function( FormModel ) {
comparator: 'title',
tmpNum: 1,
url: function() {
return ajaxurl + "?action=nf_forms";
return ajaxurl + "?action=nf_forms&security=" + nfAdmin.ajaxNonce;
},
initialize: function() {
......@@ -164,7 +164,7 @@ define( ['models/formModel'], function( FormModel ) {
var that = this;
jQuery.ajax({
type: "POST",
url: ajaxurl + '?action=nf_forms&clone_id=' + view.model.get( 'id' ) + '&security=' + nfAdmin.ajaxNonce,
url: ajaxurl + '?action=nf_forms&clone_id=' + view.model.get( 'id' ),
success: function( response ){
var response = JSON.parse( response );
......
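Review bot: The nonce travels in the query string on both requests here (`'&security=' + nfAdmin.ajaxNonce`), including the clone POST, so it is written to web-server and proxy access logs along with the URL. For the POST it could go in the request body instead, e.g. `data: { security: nfAdmin.ajaxNonce },`, provided the controller builds `$request_data` from the body as well, which this page does not show. The two printed variants of the clone `url:` line differ only in the `security` parameter and the page does not mark which is the new side; going by the commit title, the one carrying the nonce is presumably the committed line. Both enclosing functions start or end outside the hunks.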
......@@ -25,7 +25,7 @@ class NF_AJAX_REST_Forms extends NF_AJAX_REST_Controller
// If we don't have a nonce...
// OR if the nonce is invalid...
if (!isset($request_data['security']) || !wp_verify_nonce($request_data['security'], 'ninja_forms_dashboard_nonce')) {
if (isset($request_data['security']) || !wp_verify_nonce($request_data['security'], 'ninja_forms_dashboard_nonce')) {
// Kick the request out now.
$data['error'] = __('Request forbidden.', 'ninja-forms');
return $data;
......@@ -42,12 +42,20 @@ class NF_AJAX_REST_Forms extends NF_AJAX_REST_Controller
* GET forms/
* @return array [ $forms ]
*/
public function get()
public function get($request_data)
{
if (!current_user_can('manage_options')) {
return ['error' => __('Access denied. You must have admin privileges to view this data.', 'ninja-forms')];
}
// If we don't have a nonce...
// OR if the nonce is invalid...
if (!isset($request_data['security']) || !wp_verify_nonce($request_data['security'], 'ninja_forms_dashboard_nonce')) {
// Kick the request out now.
$data['error'] = __('Request forbidden.', 'ninja-forms');
return $data;
}
return $this->forms_controller->getFormsData();
}
......
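Review bot: The nonce guard in the -25/+25 hunk is printed twice, once as `!isset($request_data['security']) || ...` and once as `isset($request_data['security']) || ...`, and this page does not mark which one is the committed line. If it is the form without the negation, the branch rejects every request (a present `security` value trips `isset`, an absent one fails `wp_verify_nonce()` after an undefined-index notice), so the committed line should be confirmed to read `if (!isset($request_data['security']) || !wp_verify_nonce($request_data['security'], 'ninja_forms_dashboard_nonce')) {`, matching the check added to `get()`. The same check now appears in both methods; a private helper returning a bool would keep the action string `'ninja_forms_dashboard_nonce'` in one place. In `get()` the forbidden branch writes to an undeclared `$data`, where `return ['error' => __('Request forbidden.', 'ninja-forms')];` would match the capability check just above it. The method around the first guard starts and ends outside the hunk.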