diff --git a/wp-offline-shell/wp-offline-shell-admin.php b/wp-offline-shell/wp-offline-shell-admin.php
index d6c3833..9a3a91a 100644
--- a/wp-offline-shell/wp-offline-shell-admin.php
+++ b/wp-offline-shell/wp-offline-shell-admin.php
@@ -22,8 +22,9 @@ class Offline_Shell_Admin {
 public function get_files_ajax() {
 // If they've asked for files, just output the file HTML
 if(isset($_POST['data']) && $_POST['data'] === 'files') {
- echo $this->options_files();
+ $this->options_files();
 }
+ exit();
 }
 public function process_options() {
@@ -31,6 +32,9 @@ class Offline_Shell_Admin {
 return false;
 }
+ // Check nonce to avoid hacks
+ check_admin_referer('offline-shell-admin');
+
 // Update "enabled" status
 update_option('offline_shell_enabled', isset($_POST['offline_shell_enabled']) ? intval($_POST['offline_shell_enabled']) : 0);
@@ -188,6 +192,7 @@ class Offline_Shell_Admin {
+
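Review bot: `get_files_ajax()` still answers any request carrying `data=files`, because nothing in the handler verifies a nonce or the caller's capability before `$this->options_files()` prints the file list, even though this same commit adds a nonce check to `process_options()`. How the action is registered is not visible here, but a `wp_ajax_` hook fires for every logged-in user regardless of role, so I would open the handler with `check_ajax_referer('offline-shell-admin');` and `if (!current_user_can('manage_options')) { wp_die(-1, 403); }`, using whichever capability the settings page is registered under and having the admin script send the nonce along. Ending the handler with `wp_die();` instead of `exit();` would also let it run under the core AJAX test harness.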
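Review bot: `check_admin_referer('offline-shell-admin')` shows the request came from the plugin's own form, but a nonce is not an authorization check, and nothing visible in this hunk confirms the current user may change these settings before `update_option()` runs. I would add `if (!current_user_can('manage_options')) { wp_die(-1, 403); }` beside it, with the capability the settings page actually requires, and confirm the form emits `wp_nonce_field('offline-shell-admin')`; the later hunk that may add it is cut off on this page. The comment would be more useful as `// Verify the settings-form nonce (CSRF protection)`. `process_options()` begins before and continues after this hunk, so a capability check outside the visible lines cannot be ruled out.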