Merge pull request #562 from WebDevStudios/feature/CC-260-nonce-type

richaber · web-flow · commit 6b32132ce978 · 2021-09-10T10:17:38.000-05:00
Renamed nonce typo and added nonce verification.
diff --git a/includes/class-lists.php b/includes/class-lists.php
@@ -807,7 +807,7 @@ public function show_duplicate_list_message() {
 	 */
 	public function add_force_sync_button( $views ) {
 
-		$link = wp_nonce_url( add_query_arg( [ 'ctct_list_sync' => 'true' ] ), 'ctct_reysncing', 'ctct_resyncing' );
+		$link = wp_nonce_url( add_query_arg( [ 'ctct_list_sync' => 'true' ] ), 'ctct_resyncing', 'ctct_resyncing' );
 
 		$views['sync'] = '<strong><a href="' . $link . '">' . __( 'Sync Lists with Constant Contact', 'constant-contact-forms' ) . '</a></strong>';
 
@@ -825,7 +825,7 @@ public function check_for_list_sync_request() {
 
 		$ctct_resyncing = filter_input( INPUT_GET, 'ctct_resyncing', FILTER_SANITIZE_STRING );
 
-		if ( ! isset( $ctct_resyncing ) || ! is_admin() ) {
+		if ( ! isset( $ctct_resyncing ) || ! wp_verify_nonce( $ctct_resyncing, 'ctct_resyncing' ) || ! is_admin() ) {
 			return;
 		}
 
