From 2d13623fc851b74b5c02936e73cc772d5dcc9caa Mon Sep 17 00:00:00 2001
From: Colin Stewart <79332690+costdev@users.noreply.github.com>
Date: Mon, 4 Nov 2024 14:12:56 +0000
Subject: [PATCH] Add nonce verification and sanitize `$_REQUEST/$_GET` values. (#115)

Signed-off-by: Colin Stewart <79332690+costdev@users.noreply.github.com>
---
 includes/class-themes-screens.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/includes/class-themes-screens.php b/includes/class-themes-screens.php
index 8d1f240..207fecb 100644
--- a/includes/class-themes-screens.php
+++ b/includes/class-themes-screens.php
@@ -90,7 +90,12 @@ public function admin_enqueue_scripts( $hook ) {
 * @return void
 */
 public function redirect_to_theme_install() {
-$browse = isset( $_GET['browse'] ) ? wp_unslash( $_GET['browse'] ) : '';
+$nonce = isset( $_REQUEST['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ) : false;
+if ( $nonce && ! wp_verify_nonce( $nonce, 'query-themes' ) ) {
+return;
+}
+
+$browse = isset( $_GET['browse'] ) ? sanitize_text_field( wp_unslash( $_GET['browse'] ) ) : '';
 if ( ! in_array( $browse, $this->unsupported_filters, true ) ) {
 return;
 }
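Review bot: The nonce guard added at the top of redirect_to_theme_install() is optional — it only returns when `_wpnonce` is present and fails wp_verify_nonce(), so a request that simply omits the parameter skips verification and reaches the `$browse` handling exactly as before. If the intent is to gate this path on a valid nonce, the condition should require one: `if ( ! $nonce || ! wp_verify_nonce( $nonce, 'query-themes' ) ) { return; }`. If instead the redirect must keep working for plain links that carry no nonce and the check is there to satisfy a sniff, a comment should say so, e.g. `// Nonce is optional on this screen: only a present-but-invalid one is rejected; this is not the access control.`, so the next reader does not mistake it for a security control. Either way the effective gate remains the strict in_array() against $this->unsupported_filters, which only lets known `browse` values through, so the added sanitize_text_field() is defence in depth rather than the check that matters. The rest of redirect_to_theme_install() lies outside the hunk.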