LLMS_Controller_Certificates::maybe_authenticate_export_generation()
Allow cURL requests to view a certificate to be authenticated via a nonce.
Description Description
A cURL request is used to scrape the HTML and this will authenticate the scrape.
Return Return
(void)
Source Source
File: includes/controllers/class.llms.controller.certificates.php
public function maybe_authenticate_export_generation() {
if ( empty( $_REQUEST['_llms_cert_auth'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
return;
}
$post_id = get_the_ID();
$post_type = get_post_type( $post_id );
if ( ! in_array( $post_type, array( 'llms_my_certificate', 'llms_certificate' ), true ) ) {
return;
}
if ( get_post_meta( $post_id, '_llms_auth_nonce', true ) !== $_REQUEST['_llms_cert_auth'] ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
return;
}
$cert = new LLMS_User_Certificate( $post_id );
$uid = ( 'llms_certificate' === $post_type ) ? get_post_field( 'post_author', $post_id ) : $cert->get_user_id();
wp_set_current_user( $uid );
}
Expand full source code Collapse full source code View on GitHub
Changelog Changelog
| Version | Description |
|---|---|
| 3.37.4 | Use the post_author as the WP_User ID when exporting a certificate template. |
| 3.24.0 | Unknown. |
| 3.18.0 | Introduced. |