Sanitize nonce input in crop settings API for improved security

godaddy-wordpress · Dec 20, 2024 · e45c635 · e45c635
1 parent 4869c89
commit e45c635
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/includes/admin/class-coblocks-crop-settings.php b/includes/admin/class-coblocks-crop-settings.php
@@ -86,7 +86,7 @@ public function hide_cropped_from_library( $query ) {
 	 * Retrieve the original image.
 	 */
 	public function get_original_image() {
-		if ( ! wp_verify_nonce( filter_input( INPUT_POST, 'nonce' ), 'cropSettingsOriginalImageNonce' ) ) {
+		if ( ! wp_verify_nonce( sanitize_text_field( filter_input( INPUT_POST, 'nonce' ) ), 'cropSettingsOriginalImageNonce' ) ) {
 			wp_send_json_error( 'Invalid nonce value.', 403 );
 		}
 
@@ -123,7 +123,7 @@ public function get_original_image() {
 	 * Cropping.
 	 */
 	public function api_crop() {
-		if ( ! wp_verify_nonce( filter_input( INPUT_POST, 'nonce' ), 'cropSettingsNonce' ) ) {
+		if ( ! wp_verify_nonce( sanitize_text_field( filter_input( INPUT_POST, 'nonce' ) ), 'cropSettingsNonce' ) ) {
 			wp_send_json_error( 'Invalid nonce value.', 403 );
 		}