Don't echo nonce fields; only render inside form

joedolson · Dec 26, 2023 · 8cf89ab · 8cf89ab
1 parent e662771
commit 8cf89ab
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/mt-reports.php b/src/mt-reports.php
@@ -397,7 +397,7 @@ function mt_choose_report_by_date() {
  */
 function mt_email_purchasers() {
 	$selector = mt_select_events();
-	$nonce    = wp_nonce_field( 'mt-email-purchasers', 'mt-email-nonce' );
+	$nonce    = wp_nonce_field( 'mt-email-purchasers', 'mt-email-nonce', true, false );
 	$event_id = ( isset( $_GET['event_id'] ) ) ? (int) $_GET['event_id'] : false;
 	$body     = ( isset( $_POST['mt_body'] ) ) ? sanitize_textarea_field( $_POST['mt_body'] ) : '';
 	$subject  = ( isset( $_POST['mt_subject'] ) ) ? sanitize_text_field( $_POST['mt_subject'] ) : '';