From e9cb51bc200bca6d2aa321ba18234a8ec26824c0 Mon Sep 17 00:00:00 2001 From: alaca Date: Wed, 10 Jul 2024 17:19:25 +0200 Subject: [PATCH 1/2] feature: add user capability check --- src/Onboarding/Wizard/Page.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Onboarding/Wizard/Page.php b/src/Onboarding/Wizard/Page.php index 8ae8c0dd01..80419d934c 100644 --- a/src/Onboarding/Wizard/Page.php +++ b/src/Onboarding/Wizard/Page.php @@ -65,7 +65,7 @@ public function __construct( **/ public function add_page() { - add_submenu_page('', '', '', 'manage_options', $this->slug); + add_submenu_page('', '', '', 'manage_give_settings', $this->slug); } /** @@ -77,7 +77,7 @@ public function add_page() **/ public function setup_wizard() { - if (empty($_GET['page']) || $this->slug !== $_GET['page']) { // WPCS: CSRF ok, input var ok. + if (empty($_GET['page']) || $this->slug !== $_GET['page'] || ! current_user_can('manage_give_settings')) { // WPCS: CSRF ok, input var ok. return; } else { $this->render_page(); From a2fb103970e6b38647ac5a1b9c9979ce2c691c2a Mon Sep 17 00:00:00 2001 From: alaca Date: Wed, 10 Jul 2024 17:21:44 +0200 Subject: [PATCH 2/2] chore: add unreleased tags --- src/Onboarding/Wizard/Page.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Onboarding/Wizard/Page.php b/src/Onboarding/Wizard/Page.php index 80419d934c..3f4417bd0c 100644 --- a/src/Onboarding/Wizard/Page.php +++ b/src/Onboarding/Wizard/Page.php @@ -62,6 +62,7 @@ public function __construct( * Register Onboarding Wizard as an admin page route * * @since 2.8.0 + * @unreleased change capability to manage_give_settings **/ public function add_page() { @@ -74,6 +75,7 @@ public function add_page() * If the current page query matches the onboarding wizard's slug, method renders the onboarding wizard. * * @since 2.8.0 + * @unreleased add user capability check **/ public function setup_wizard() {