From 1ae887f66a5edaf8a272b4abbcab0086fec1c23f Mon Sep 17 00:00:00 2001
From: Simon Gomes
Date: Wed, 5 May 2021 15:49:21 +0600
Subject: [PATCH] CSRF security added for Settings form
---
 includes/Admin/Settings.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/Admin/Settings.php b/includes/Admin/Settings.php
index b57ec78..a65ae1d 100644
--- a/includes/Admin/Settings.php
+++ b/includes/Admin/Settings.php
@@ -53,7 +53,7 @@ public function ste_settings_form_handler() {
 return;
 }
- if ( isset( $_REQUEST['_wpnonce'] ) && ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'ste-ecourier-settings' ) ) {
+ if ( ! isset( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'ste-ecourier-settings' ) ) {
 wp_die( 'Nope! I can\'t let you do this' );
 }
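Review bot: A valid nonce is the only check visible around the `wp_verify_nonce()` line, and a nonce shows that the request came from a form the user loaded, not that the user is allowed to change settings. The guard that closes just above the hunk is not visible here, so it is worth confirming that it includes a capability check such as `if ( ! current_user_can( 'manage_options' ) ) { wp_die( ... ); }`. The hand-written isset-plus-verify pair is the pattern that failed open before; `check_admin_referer( 'ste-ecourier-settings' );` performs both steps and dies on failure, so it could replace the whole `if`. If the explicit form stays and the form is submitted by POST, reading the token from `$_POST` instead of `$_REQUEST` keeps it out of URLs, and passing `array( 'response' => 403 )` as the third argument of `wp_die()` lets rejected requests be told apart from server errors in the logs. `ste_settings_form_handler()` starts and ends outside the hunk.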