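/**
 * Validate the request by checking:
 *
 * 1) the current user has the proper permissions to read/edit/delete the object
 * 2) the ID is a valid integer
 * 3) the ID returns a valid queue item
 *
 * The capability check runs first on purpose. If it ran last, a caller
 * without the manage_follow_up_emails capability would receive a 404 for
 * unknown IDs and a 401 for existing ones, which discloses which queue IDs
 * exist. With the check first, such a caller always gets the same permission
 * error and no queue item is instantiated on their behalf.
 *
 * @since 4.1
 * @param string|int $id the queue item ID
 * @param string $type Unused
 * @param string $context Unused
 * @return int|WP_Error valid queue item ID or WP_Error if any of the checks fails
 */
protected function validate_request($id, $type = null, $context = null) {
    // Authorize before touching the resource so the response does not depend
    // on whether the requested ID exists.
    if (!current_user_can('manage_follow_up_emails')) {
        return new WP_Error("fue_api_user_cannot_access_queue", __('You do not have permission to access this resource', 'follow_up_emails'), array('status' => 401));
    }

    // absint() returns a non-negative integer, so non-numeric input becomes 0
    // and is rejected below.
    $id = absint($id);

    // validate ID
    if (empty($id)) {
        return new WP_Error("fue_api_invalid_queue_id", __('Invalid Queue ID', 'follow_up_emails'), array('status' => 404));
    }

    $item = new FUE_Sending_Queue_Item($id);

    // check that the resource exists; same error code as an invalid ID so the
    // two cases are indistinguishable to the client
    if (!$item->exists()) {
        return new WP_Error('fue_api_invalid_queue_id', __('Invalid Queue ID', 'follow_up_emails'), array('status' => 404));
    }

    return $id;
}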
<?php
/**
 * Front-end template: resolves the queue item named by the `qid` query
 * argument into the order ID, order object, order URL and recipient e-mail
 * address used by the markup below, then renders the theme header.
 *
 * NOTE(review): `qid` comes straight from the query string and, after
 * absint(), is used to load a queue item's order ID and recipient e-mail
 * address. No login, ownership or token check is visible in this part of
 * the template. Confirm that the remainder does not render these values to
 * a visitor who merely supplies a different number; if it does, require a
 * per-item unguessable key alongside the numeric ID.
 */

if (!defined('ABSPATH')) {
    exit; // Exit if accessed directly
}

// Defaults used when no (valid) queue item is referenced.
$queue_id      = '';
$email_address = '';
$order_url     = '';
$order_id      = 0;

if (!empty($_GET['qid'])) {
    // absint() forces the request value to a non-negative integer.
    $queue_id = absint($_GET['qid']);
    $queue    = new FUE_Sending_Queue_Item($queue_id);

    if ($queue->exists()) {
        $order_id = $queue->order_id;
        // $order is not read in the visible part of this template;
        // presumably it is consumed by the markup further down.
        $order         = WC_FUE_Compatibility::wc_get_order($order_id);
        $email_address = $queue->user_email;

        // Use the endpoint-based URL helper when it is available, otherwise
        // fall back to the legacy "view_order" page lookup.
        $order_url = function_exists('wc_get_endpoint_url')
            ? wc_get_endpoint_url('view-order', $order_id, wc_get_page_permalink('myaccount'))
            : add_query_arg('order', $order_id, get_permalink(woocommerce_get_page_id('view_order')));
    }
}

get_header();
?>
<div id="primary" class="content-area">
    <div id="content" class="site-content" role="main">
        <article class="page type-page status-publish hentry">
            <header class="entry-header">