From 8cf89abb64bd3001a21c0b054a6e0a23197d744b Mon Sep 17 00:00:00 2001
From: Joe Dolson
Date: Tue, 26 Dec 2023 15:34:30 -0600
Subject: [PATCH] Don't echo nonce fields; only render inside form
---
 src/mt-reports.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/mt-reports.php b/src/mt-reports.php
index 27387aa2..c9e5a5b1 100644
--- a/src/mt-reports.php
+++ b/src/mt-reports.php
@@ -397,7 +397,7 @@ function mt_choose_report_by_date() {
 */
 function mt_email_purchasers() {
 $selector = mt_select_events();
- $nonce = wp_nonce_field( 'mt-email-purchasers', 'mt-email-nonce' );
+ $nonce = wp_nonce_field( 'mt-email-purchasers', 'mt-email-nonce', true, false );
 $event_id = ( isset( $_GET['event_id'] ) ) ? (int) $_GET['event_id'] : false;
 $body = ( isset( $_POST['mt_body'] ) ) ? sanitize_textarea_field( $_POST['mt_body'] ) : '';
 $subject = ( isset( $_POST['mt_subject'] ) ) ? sanitize_text_field( $_POST['mt_subject'] ) : '';
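Review bot: Nothing in this hunk shows the `mt-email-nonce` value being verified before `$_POST['mt_body']` and `$_POST['mt_subject']` are read on the lines right after the new `wp_nonce_field()` call. The body of `mt_email_purchasers()` continues past the hunk, so the check may already be there. If it is not, the send path should be gated on `wp_verify_nonce()` for the `mt-email-purchasers` action, together with a capability check, because a nonce field protects the request only when the handler verifies it. Separately, the positional `true, false` is easy to misread, so I would add a comment above the call such as `// Fourth argument false: return the field markup instead of echoing it, so it is output inside the form.`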