Merge pull request #644 from GatherPress/GP-611

Sanitize nonce check.
GatherPress · Apr 17, 2024 · 799e9b2 · 799e9b2
2 parents 79c2328 + ed14dbb
commit 799e9b2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/includes/core/classes/class-user.php b/includes/core/classes/class-user.php
@@ -204,7 +204,7 @@ public function profile_fields( WP_User $user ): void {
 	public function save_profile_fields( int $user_id ): void {
 		if (
 			empty( filter_input( INPUT_POST, '_wpnonce' ) ) ||
-			! wp_verify_nonce( filter_input( INPUT_POST, '_wpnonce' ), 'update-user_' . $user_id )
+			! wp_verify_nonce( sanitize_text_field( wp_unslash( filter_input( INPUT_POST, '_wpnonce' ) ) ), 'update-user_' . $user_id )
 		) {
 			return;
 		}