From d65bf1179ef92b6d7d23ac93b62ef10777a055ec Mon Sep 17 00:00:00 2001
From: ruben- <ruben.schollaert@verticon.be>
Date: Tue, 21 Feb 2017 20:40:43 +0100
Subject: [PATCH] Add CSRF

---
 class/class-mainwp-clone.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/class/class-mainwp-clone.php b/class/class-mainwp-clone.php
index 7c00f12..46b0f49 100644
--- a/class/class-mainwp-clone.php
+++ b/class/class-mainwp-clone.php
@@ -109,7 +109,7 @@ class MainWP_Clone {
 	public static function render() {
 		$uploadError = false;
 		$uploadFile  = false;
-		if ( isset( $_REQUEST['upload'] ) ) {
+		if ( isset( $_REQUEST['upload'] ) && wp_verify_nonce( $_POST['_nonce'], 'cloneRestore' ) ) {
 			if ( isset( $_FILES['file'] ) ) {
 				if ( ! function_exists( 'wp_handle_upload' ) ) {
 					require_once( ABSPATH . 'wp-admin/includes/file.php' );
@@ -230,6 +230,7 @@ class MainWP_Clone {
                 	   class="button button-primary"
                 	   disabled="disabled"
 					   value="<?php esc_attr_e( 'Clone/Restore Website', 'mainwp-child' ); ?>"/>
+			    <input type="hidden" name="_nonce" value="<?php echo wp_create_nonce( 'cloneRestore' ); ?>" />
 			</form>
 			</div>
 			</div>
@@ -244,7 +245,7 @@ class MainWP_Clone {
 	public static function renderNormalRestore() {
 		$uploadError = false;
 		$uploadFile  = false;
-		if ( isset( $_REQUEST['upload'] ) ) {
+		if ( isset( $_REQUEST['upload'] ) && wp_verify_nonce( $_POST['_nonce'], 'cloneRestore' ) ) {
 			if ( isset( $_FILES['file'] ) ) {
 				if ( ! function_exists( 'wp_handle_upload' ) ) {
 					require_once( ABSPATH . 'wp-admin/includes/file.php' );
@@ -298,6 +299,8 @@ class MainWP_Clone {
 			<p><?php esc_html_e( 'Upload backup in .zip format (Maximum filesize for your server settings: ', 'mainwp-child' ); ?><?php echo esc_html( $uploadSize ); ?>)</p>
 			<em><?php esc_html_e( 'If you have a FULL backup created by basic MainWP Backup system you may restore it by uploading here. Backups created by 3rd party plugins will not work.', 'mainwp-child' ); ?>
                 <br/>
+
+
 				<?php esc_html_e( 'A database only backup will not work.', 'mainwp-child' ); ?></em><br/><br/>
 			<form action="<?php echo esc_attr( admin_url( 'admin.php?page=MainWPRestore&upload=yes' ) ); ?>" 
 				  method="post"
@@ -309,6 +312,7 @@ class MainWP_Clone {
                          id="filesubmit"
                          disabled="disabled"
                          value="<?php esc_html_e( 'Restore Website', 'mainwp-child' ); ?>"/>
+			    <input type="hidden" name="_nonce" value="<?php echo wp_create_nonce( 'cloneRestore' ); ?>" />
             </form>
             </div>
         </div>