Merge pull request #209 from BoldGrid/isssue-139

adds nonce and role verification to entry exports.

Author: avonville

includes/admin/class-admin.php

@@ -170,9 +170,17 @@ public function export_forms() {
      * @return void
      */
     public function export_form_entries() {
+        if ( ! current_user_can( 'administrator' ) ) {
+            wp_die( esc_html__( 'You do not have permission to export entries', 'weforms' ) );
+        }
+
+        if ( ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'weforms-export-entries' ) ) {
+            wp_die( esc_html__( 'Invalid nonce', 'weforms' ) );
+        }
+
         $form_id = isset( $_REQUEST['selected_forms'] ) ? absint( $_REQUEST['selected_forms'] ) : 0;
 
-        if ( !$form_id ) {
+        if ( ! $form_id ) {
             return;
         }