@@ -108,7 +108,24 @@ function endpoint_register() {
108108 'visualizer/v ' . VISUALIZER_REST_VERSION ,
109109 '/action/(?P<chart>\d+)/(?P<type>.+)/ ' ,
110110 array (
111- 'methods ' => array ( 'GET ' , 'POST ' ),
111+ 'methods ' => 'GET ' ,
112+ 'args ' => array (
113+ 'chart ' => array (
114+ 'required ' => true ,
115+ 'sanitize_callback ' => function ( $ param
116+ return is_numeric ( $ param$ paramnull ;
117+ },
118+ ),
119+ 'type ' => array (
120+ 'required ' => true ,
121+ 'type ' => 'string ' ,
122+ 'enum ' => array_keys ( $ this get_actions () ),
123+ ),
124+ ),
125+ 'permission_callback ' => function ( WP_REST_Request $ request
126+ $ chart_idfilter_var ( sanitize_text_field ( $ requestget_param ( 'chart ' ), FILTER_VALIDATE_INT ) );
127+ return ! empty ( $ chart_idapply_filters ( 'visualizer_pro_show_chart ' , true , $ chart_id
128+ },
112129 'callback ' => array ( $ this 'perform_action ' ),
113130 )
114131 );
@@ -379,6 +396,7 @@ public function renderChart( $atts ) {
379396 'language ' => $ this get_language (),
380397 'map_api_key ' => get_option ( 'visualizer-map-api-key ' ),
381398 'rest_url ' => version_compare ( $ wp_version'4.7.0 ' , '>= ' ) ? rest_url ( 'visualizer/v ' . VISUALIZER_REST_VERSION . '/action/#id#/#type#/ ' ) : '' ,
399+ 'wp_nonce ' => wp_create_nonce ( 'wp_rest ' ),
382400 'i10n ' => array (
383401 'copied ' => __ ( 'The data has been copied to your clipboard. Hit Ctrl-V/Cmd-V in your spreadsheet editor to paste the data. ' , 'visualizer ' ),
384402 ),
0 commit comments