From 0c9bc54daac7c2d37a2f1d85b085640de5753291 Mon Sep 17 00:00:00 2001
From: Ante Laca
Date: Wed, 17 Jul 2024 18:51:17 +0200
Subject: [PATCH] FIx: use capabilities check (#7440)

Co-authored-by: Jon Waldstein
---
 src/DonationForms/V2/Endpoints/Endpoint.php | 10 ++++++++++
 src/DonationForms/V2/Endpoints/FormActions.php | 3 ++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/DonationForms/V2/Endpoints/Endpoint.php b/src/DonationForms/V2/Endpoints/Endpoint.php
index 979e0f5063..df1ed24470 100644
--- a/src/DonationForms/V2/Endpoints/Endpoint.php
+++ b/src/DonationForms/V2/Endpoints/Endpoint.php
@@ -26,6 +26,16 @@ public function validateInt($value)
 return filter_var($value, FILTER_VALIDATE_INT);
 }
 
+ /**
+ * @unreleased
+ * @param string $id
+ * @return bool
+ */
+ public function validatePostType(string $id)
+ {
+ return get_post_type($id) === 'give_forms';
+ }
+
 /**
 * Check user permissions
 * @return bool|WP_Error
diff --git a/src/DonationForms/V2/Endpoints/FormActions.php b/src/DonationForms/V2/Endpoints/FormActions.php
index 208138e5ac..8d7a857270 100644
--- a/src/DonationForms/V2/Endpoints/FormActions.php
+++ b/src/DonationForms/V2/Endpoints/FormActions.php
@@ -7,6 +7,7 @@
 use WP_REST_Response;
 
 /**
+ * @unreleased updated to validate form id is a donation form post type
 * @since 2.19.0
 */
 class FormActions extends Endpoint
@@ -47,7 +48,7 @@ public function registerRoute()
 'required' => true,
 'validate_callback' => function ($ids) {
 foreach ($this->splitString($ids) as $id) {
- if ( ! $this->validateInt($id)) {
+ if ( ! $this->validateInt($id) || !$this->validatePostType($id)) {
 return false;
 }
 }
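Review bot: The docblock on the new `validatePostType()` in Endpoint.php carries tags only, so a reader cannot tell that this is the guard restricting request-supplied ids to donation forms. I would add a summary line such as `Check that the post ID refers to a donation form (give_forms post type).` and declare the return type, `public function validatePostType(string $id): bool`, since the strict comparison always yields a bool. The `string` parameter type relies on the caller passing strings; what `splitString()` returns is not visible in this patch, so that is worth confirming.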
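Review bot: The new condition in the `validate_callback` of `registerRoute()` (FormActions.php) checks what kind of post each id is, not whether the requesting user may act on that particular form. The permission callback is outside this patch, so this may already be covered; if it only tests a general capability, the handler should add a per-object check, for example `current_user_can('delete_post', $id)` or the meta capability matching the action. The added `!$this->validatePostType($id)` also drops the `! ` spacing used by the `validateInt` check beside it. `registerRoute()` starts and ends outside the hunk.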