diff --git a/class/class-mainwp-clone.php b/class/class-mainwp-clone.php
index 7c00f12..46b0f49 100644
--- a/class/class-mainwp-clone.php
+++ b/class/class-mainwp-clone.php
@@ -109,7 +109,7 @@ class MainWP_Clone {
 public static function render() {
 $uploadError = false;
 $uploadFile = false;
- if ( isset( $_REQUEST['upload'] ) ) {
+ if ( isset( $_REQUEST['upload'] ) && wp_verify_nonce( $_POST['_nonce'], 'cloneRestore' ) ) {
 if ( isset( $_FILES['file'] ) ) {
 if ( ! function_exists( 'wp_handle_upload' ) ) {
 require_once( ABSPATH . 'wp-admin/includes/file.php' );
@@ -230,6 +230,7 @@ class MainWP_Clone { class="button button-primary" disabled="disabled" value=""/> +
@@ -244,7 +245,7 @@ class MainWP_Clone {
 public static function renderNormalRestore() {
 $uploadError = false;
 $uploadFile = false;
- if ( isset( $_REQUEST['upload'] ) ) {
+ if ( isset( $_REQUEST['upload'] ) && wp_verify_nonce( $_POST['_nonce'], 'cloneRestore' ) ) {
 if ( isset( $_FILES['file'] ) ) {
 if ( ! function_exists( 'wp_handle_upload' ) ) {
 require_once( ABSPATH . 'wp-admin/includes/file.php' );
@@ -298,6 +299,8 @@ class MainWP_Clone {
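Review bot: In the new condition of render(), `$_POST['_nonce']` is read without an isset() check, while `upload` is tested on `$_REQUEST`, so a request that carries `upload` in the query string but no `_nonce` field raises an undefined-index notice before wp_verify_nonce() rejects it; the identical line is added in renderNormalRestore() in the third hunk. I would guard and unslash the value in both places: `if ( isset( $_REQUEST['upload'], $_POST['_nonce'] ) && wp_verify_nonce( sanitize_key( wp_unslash( $_POST['_nonce'] ) ), 'cloneRestore' ) ) {`. As far as the hunks show, a failed check falls through with `$uploadError` still false, so the user gets no message that the upload was refused; setting an error on that path would make the rejection visible. A nonce only covers request forgery, and both function bodies continue outside the hunks, so it is worth confirming that a capability check such as current_user_can() also guards the upload and restore path.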

)


+ +


+