@@ -718,7 +718,11 @@ public function merge_or_fetch_data() {
718718 * making PT fully backward compatible with the older bookmarklet.
719719 */
720720 if ( empty ( $ _POST ) && ! empty ( $ data ['u ' ] ) ) {
721- $ data = $ this ->source_data_fetch_fallback ( $ data ['u ' ], $ data );
721+ if ( isset ( $ _GET ['_wpnonce ' ] ) && wp_verify_nonce ( $ _GET ['_wpnonce ' ], 'scan-site ' ) ) {
722+ $ data = $ this ->source_data_fetch_fallback ( $ data ['u ' ], $ data );
723+ } else {
724+ $ data ['errors ' ] = 'missing nonce ' ;
725+ }
722726 } else {
723727 foreach ( array ( '_images ' , '_embeds ' ) as $ type ) {
724728 if ( empty ( $ _POST [ $ type ] ) ) {
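Review bot: The nonce check added at line 721 ties a scan to the current user's session and so stops a crafted link from triggering the fetch, but it does not constrain what `$data['u']` may point at; unless `source_data_fetch_fallback` (defined outside these hunks) already validates the target with `wp_http_validate_url()` or fetches through `wp_safe_remote_get()`, a logged-in user can still have the server request loopback or internal addresses, which is worth confirming before treating this as the complete fix. The fallback message on line 724 is a bare literal while the template in the later hunk uses `_e()`/`esc_attr_e()` for its strings; for consistency write `$data['errors'] = __( 'missing nonce' );`. I also do not see `$data['errors']` rendered anywhere in these hunks, only used to clear `hasData`, so if nothing else surfaces it the user gets an empty Press This with no explanation. The body of merge_or_fetch_data continues outside this hunk.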
@@ -1235,7 +1239,7 @@ public function html() {
12351239 $ site_data = array (
12361240 'v ' => ! empty ( $ data ['v ' ] ) ? $ data ['v ' ] : '' ,
12371241 'u ' => ! empty ( $ data ['u ' ] ) ? $ data ['u ' ] : '' ,
1238- 'hasData ' => ! empty ( $ data ),
1242+ 'hasData ' => ! empty ( $ data ) && ! isset ( $ data [ ' errors ' ] ) ,
12391243 );
12401244
12411245 if ( ! empty ( $ images ) ) {
@@ -1367,8 +1371,9 @@ public function html() {
13671371 <div id="scanbar" class="scan">
13681372 <form method="GET">
13691373 <label for="url-scan" class="screen-reader-text"><?php _e ( 'Scan site for content ' ); ?> </label>
1370- <input type="url" name="u" id="url-scan" class="scan-url" value="" placeholder="<?php esc_attr_e ( 'Enter a URL to scan ' ) ?> " />
1374+ <input type="url" name="u" id="url-scan" class="scan-url" value="<?php echo esc_attr ( $ site_data [ ' u ' ] ) ?> " placeholder="<?php esc_attr_e ( 'Enter a URL to scan ' ) ?> " />
13711375 <input type="submit" name="url-scan-submit" id="url-scan-submit" class="scan-submit" value="<?php esc_attr_e ( 'Scan ' ) ?> " />
1376+ <?php wp_nonce_field ( 'scan-site ' ); ?>
13721377 </form>
13731378 </div>
13741379