function run_import() { ITForm::check_nonce("import_run_guid_{$_REQUEST['guid']}"); require_once dirname(__FILE__) . '/class.builder-import-export.php'; $import = new BuilderImportExport($_REQUEST['guid']); $result = $import->run_import(); $errors = ''; if (is_array($result)) { $errors = '&errors=' . implode(',', $result); } $redirect = "{$this->_parent->_self_link}&imported={$_REQUEST['guid']}{$errors}"; // echo "<p>Redirect: $redirect</p>\n"; wp_redirect($redirect); exit; }
function index() { if (!current_user_can($this->_access_level)) { die(__('Cheatin’ uh?')); } // This needs to be modified to not allow an attacker to bypass it. // Possibly do a check to see if $_POST is not empty. if (!empty($_REQUEST['_wpnonce'])) { ITForm::check_nonce(!empty($this->_nonce) ? $this->_nonce : null); } ITUtility::cleanup_request_vars(); }