diff --git a/includes/core/class-form.php b/includes/core/class-form.php index e6007bcd..fbbbeed0 100644 --- a/includes/core/class-form.php +++ b/includes/core/class-form.php @@ -63,7 +63,6 @@ if ( ! class_exists( 'um\core\Form' ) ) { add_action( 'init', array( &$this, 'field_declare' ), 10 ); } - /** * */ @@ -71,41 +70,36 @@ if ( ! class_exists( 'um\core\Form' ) ) { UM()->check_ajax_nonce(); // phpcs:disable WordPress.Security.NonceVerification + if ( ! isset( $_REQUEST['hook'] ) ) { + die( esc_html__( 'Invalid hook', 'ultimate-member' ) ); + } + if ( isset( $_REQUEST['user_id'] ) ) { $user_id = absint( $_REQUEST['user_id'] ); } - - if ( isset( $_REQUEST['hook'] ) ) { - $hook = sanitize_key( $_REQUEST['hook'] ); + if ( ! isset( $user_id ) || ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) { + die( esc_html__( 'You can not edit this user.', 'ultimate-member' ) ); } - if ( ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) { - die( esc_html__( 'You can not edit this user', 'ultimate-member' ) ); - } - - switch ( $hook ) { - default: - /** - * Fires on AJAX muted action. - * - * @since 2.0 - * @hook um_run_ajax_function__{$hook} - * - * @param {array} $request Request. - * - * @example