Add nonce verification for admin list

Author: colinmurphy

plugins/wpgraphql-logging/src/Admin/View/List/ListTable.php

@@ -60,6 +60,10 @@ public function __construct(
 	 * @psalm-suppress PossiblyInvalidCast
 	 */
 	public function prepare_items(): void {
+		if ( array_key_exists( 'orderby', $_REQUEST ) || array_key_exists( 'order', $_REQUEST ) ) {
+			check_admin_referer( 'wpgraphql-logging-sort' );
+		}
+
 		$this->process_bulk_action();
 		$this->_column_headers =
 		apply_filters(

plugins/wpgraphql-logging/src/Admin/View/Templates/WPGraphQLLoggerList.php

@@ -22,6 +22,7 @@
 	<hr class="wp-header-end">
 
 	<form method="post">
+		<?php wp_nonce_field( 'wpgraphql-logging-sort', 'wpgraphql-logging-sort-nonce' ); ?>
 		<?php
 		$list_table->prepare_items();
 		$list_table->display();

plugins/wpgraphql-logging/src/Admin/ViewLogsPage.php

@@ -134,6 +134,19 @@ public function enqueue_admin_scripts( string $hook_suffix ): void {
 			'jQuery(document).ready(function($){ $(".wpgraphql-logging-datepicker").datetimepicker({ dateFormat: "yy-mm-dd", timeFormat: "HH:mm:ss" }); });'
 		);
 
+		// Add nonce to sorting links.
+		wp_add_inline_script(
+			'jquery',
+			'jQuery(document).ready(function($){
+				var nonce = $("#wpgraphql-logging-sort-nonce").val();
+				if ( nonce ) {
+					$("th.sortable a").each(function(){
+						this.href = this.href + "&_wpnonce=" + nonce;
+					});
+				}
+			});'
+		);
+
 		// Allow other plugins to enqueue their own scripts/styles.
 		do_action( 'wpgraphql_logging_view_logs_admin_enqueue_scripts', $hook_suffix );
 	}