API Security

- added APIAccess class to define access levels of API Endpoints (permissions) - use "mailpoet_token" for all nonce (just as before) - merged setupPublic/setupAdmin methods in API in order to avoid duplication - check permission if access level is not all - fixed ABSPATH check in some classes
2016-10-19 14:37:18 +02:00
parent 5d0ee43921
commit 0ca5b7a79f
8 changed files with 60 additions and 16 deletions
--- a/lib/Form/Widget.php
+++ b/lib/Form/Widget.php
@@ -161,7 +161,7 @@ class Widget extends \WP_Widget {
        );

        // generate security token
-        $data['token'] = Security::generateToken('subscribers_subscribe');
+        $data['token'] = Security::generateToken();

        // render form
        $renderer = new Renderer();