Merge pull request #59 from TycheSoftwares/security-nonce

Fixed security nonce
TycheSoftwares · Apr 2, 2024 · 4b66855 · 4b66855
2 parents dff4385 + 8dd444f
commit 4b66855
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/includes/component/plugin-tracking/class-tyche-plugin-tracking.php b/includes/component/plugin-tracking/class-tyche-plugin-tracking.php
@@ -148,11 +148,10 @@ public static function reset_tracker_setting( $plugin_short_name ) {
 		 */
 		public function dismiss_notice() {
 			$nonce = $_POST['tracking_notice'];//phpcs:ignore
-			if ( ! wp_verify_nonce( $nonce, 'tracking_notice' ) ) {
-				return;
+			if ( is_user_logged_in() && current_user_can( 'manage_options' ) && wp_verify_nonce( $nonce, 'tracking_notice' ) ) {
+				update_option( $this->plugin_short_name . '_allow_tracking', 'dismissed' );
+				$this->send_tracking_data();
 			}
-			update_option( $this->plugin_short_name . '_allow_tracking', 'dismissed' );
-			$this->send_tracking_data();
 		}
 
 		/**