plugin updates

2024-07-16 13:57:46 +00:00
parent 41f50eacc4
commit 8f93917880
1529 changed files with 259452 additions and 25451 deletions
--- a/wp/wp-content/plugins/advanced-custom-fields-pro/includes/ajax/class-acf-ajax-user-setting.php
+++ b/wp/wp-content/plugins/advanced-custom-fields-pro/includes/ajax/class-acf-ajax-user-setting.php
@@ -8,11 +8,19 @@ if ( ! class_exists( 'ACF_Ajax_User_Setting' ) ) :

 	class ACF_Ajax_User_Setting extends ACF_Ajax {

-		/** @var string The AJAX action name. */
-		var $action = 'acf/ajax/user_setting';
+		/**
+		 * The AJAX action name.
+		 *
+		 * @var string
+		 */
+		public $action = 'acf/ajax/user_setting';

-		/** @var boolean Prevents access for non-logged in users. */
-		var $public = true;
+		/**
+		 * Prevents access for non-logged in users.
+		 *
+		 * @var boolean
+		 */
+		public $public = false;

 		/**
 		 * get_response
@@ -25,7 +33,10 @@ if ( ! class_exists( 'ACF_Ajax_User_Setting' ) ) :
 		 * @param   array $request The request args.
 		 * @return  mixed The response data or WP_Error.
 		 */
-		function get_response( $request ) {
+		public function get_response( $request ) {
+			if ( ! acf_current_user_can_admin() ) {
+				return new WP_Error( 'acf_invalid_permissions', __( 'Sorry, you do not have permission to do that.', 'acf' ) );
+			}

 			// update
 			if ( $this->has( 'value' ) ) {