450450 type : 'warning' ,
451451 showCancelButton : false ,
452452 confirmButtonColor : '#d54e21' ,
453- confirmButtonText : 'OK ' ,
453+ confirmButtonText : 'Ok ' ,
454454 cancelButtonClass : 'btn btn-danger' ,
455455 } ) ;
456456
@@ -711,8 +711,20 @@ public function handle_frontend_submission() {
711711 check_ajax_referer ( 'wpuf_form_add ' );
712712 $ form_id = isset ( $ _POST ['form_id ' ] ) ? intval ( $ _POST ['form_id ' ] ) : 0 ;
713713 $ page_id = isset ( $ _POST ['page_id ' ] ) ? intval ( $ _POST ['page_id ' ] ) : 0 ;
714-
715714 $ form = weforms ()->form ->get ( $ form_id );
715+
716+ /**
717+ * Check if form submission is open. This resolves broken access control with unauthenticated users.
718+ * Access is now checked on frontend form rendering and submission.
719+ */
720+ $ form_submission_status = $ form ->is_submission_open ();
721+ if ( is_wp_error ( $ form_submission_status ) ) {
722+ wp_send_json ( [
723+ 'success ' => false ,
724+ 'error ' => __ ( 'Login Required for submission. ' , 'weforms ' ),
725+ ] );
726+ }
727+
716728 $ form_settings = $ form ->get_settings ();
717729 $ form_fields = $ form ->get_fields ();
718730 $ entry_fields = $ form ->prepare_entries ();
@@ -1241,4 +1253,16 @@ public function delete_logs() {
12411253
12421254 wp_send_json_success ();
12431255 }
1256+
1257+ /**
1258+ * Show form error
1259+ *
1260+ * @param string $message
1261+ * @param string $type
1262+ *
1263+ * @return string
1264+ */
1265+ public function show_error ( $ message , $ type = 'info ' ) {
1266+ return sprintf ( '<div class="wpuf-%s">%s</div> ' , $ type , $ message );
1267+ }
12441268}
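Review bot: show_error() in the second hunk interpolates `$message` and `$type` into markup without escaping, so any caller that hands it request-derived or form-configured text gets that text emitted as raw HTML. No caller is visible in this diff, so the exposure is unconfirmed, but a public helper should escape at the point of output: `return sprintf( '<div class="wpuf-%s">%s</div>', esc_attr( $type ), wp_kses_post( $message ) );`. In the first hunk the new guard always answers 'Login Required for submission.' whatever WP_Error is_submission_open() returned; if that method can also fail for reasons other than login, passing `$form_submission_status->get_error_message()` would keep the response accurate. handle_frontend_submission() continues outside the hunk, so whether `$form` is validated before `->is_submission_open()` is called cannot be confirmed from here.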