From d2acc08a0a53c2f6c55d9e76c8062b1476050460 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Heringer?= Date: Fri, 6 Oct 2023 12:01:19 -0300 Subject: [PATCH] Add/check nonce when saving Rating advanced settings --- polldaddy.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/polldaddy.php b/polldaddy.php index 617c8bf..13604db 100644 --- a/polldaddy.php +++ b/polldaddy.php @@ -3622,6 +3622,7 @@ function rating_settings() { + @@ -4051,6 +4052,8 @@ function update_rating() { $type = 'post'; $set = new stdClass; + check_admin_referer( 'action-update-rating_' . $_POST[ 'type' ] ); + if ( isset( $_REQUEST['rating_id'] ) ) $rating_id = (int) $_REQUEST['rating_id'];
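Review bot: The new `check_admin_referer()` call in `update_rating()` builds its action from `$_POST[ 'type' ]` with no `isset()`/type guard, while the very next context line reads from `$_REQUEST`; a request without a POSTed `type` (or with `type[]`) raises a PHP notice before the check fails, and if the rest of the function takes its type from `$_REQUEST` (not visible in this hunk) the value that was verified can differ from the value that is acted on. I would read the value once, e.g. `$nonce_type = ( isset( $_POST['type'] ) && is_string( $_POST['type'] ) ) ? $_POST['type'] : '';` followed by `check_admin_referer( 'action-update-rating_' . $nonce_type );`, and reuse that variable for the later type handling. The nonce only addresses CSRF, so it is worth confirming that this function or its caller also performs a `current_user_can()` check; none appears in the hunk, and the function body continues outside it. The line added in the `rating_settings()` hunk is not readable on this page, so the action string given to the nonce field there should be checked against this one.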