Guard the authors, hashtag read endpoints as well as the ajax preview…
… entry endpoint
ingeniumed committed Jun 6, 2024
1 parent 91e88ac commit a2ff5b9
Showing 2 changed files with 4 additions and 0 deletions.
2 changes: 2 additions & 0 deletions classes/class-wpcom-liveblog-rest-api.php
Expand Up @@ -205,6 +205,7 @@ public static function register_routes() {
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( __CLASS__, 'get_authors' ),
'permission_callback' => array( 'WPCOM_Liveblog', 'current_user_can_edit_liveblog' ),
'args' => array(
'term' => array(
'required' => false,
Expand All @@ -230,6 +231,7 @@ public static function register_routes() {
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( __CLASS__, 'get_hashtag_terms' ),
'permission_callback' => array( 'WPCOM_Liveblog', 'current_user_can_edit_liveblog' ),
'args' => array(
'term' => array(
'required' => false,
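Review bot: Nothing in this commit pins the new `permission_callback` on the `get_authors` and `get_hashtag_terms` routes, so a later edit to `register_routes()` could drop either line unnoticed; a REST test that dispatches a logged-out GET to each route and asserts an error response would hold the fix in place. Because these routes now depend on the current user, any in-browser caller has to send the REST nonce with its cookie or the request is treated as unauthenticated; the client code is not part of this commit, so that is worth confirming. A one-line comment above each added line, e.g. `// Editor-only: author and hashtag lookups are not meant for anonymous callers.`, would explain why a READABLE route is gated. The rest of `register_routes()` lies outside both hunks, so other routes may need the same check.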
2 changes: 2 additions & 0 deletions liveblog.php
Expand Up @@ -917,6 +917,8 @@ public static function flatten_entries( $entries ) {
}

public static function ajax_preview_entry() {
self::ajax_current_user_can_edit_liveblog();

$entry_content = isset( $_REQUEST['entry_content'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['entry_content'] ) ) : ''; // input var ok
$entry_content = self::format_preview_entry( $entry_content );

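Review bot: The guard added as the first statement of `ajax_preview_entry()` discards its result, so it protects the preview only if `ajax_current_user_can_edit_liveblog()` ends the request itself when the check fails; that helper's body is not in this section, so confirm it and say so at the call site, e.g. `// Sends an error response and exits when the user cannot edit the liveblog.`. The handler then reads `$_REQUEST['entry_content']` with no nonce verification visible here; if none happens further down, a `check_ajax_referer()` call belongs next to the capability check. The function body continues past the end of the hunk.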
