Merge pull request #485 from wpengine/bug-fix-logging-nonce-issue

colinmurphy · web-flow · commit a7207300e4da · 2025-11-12T09:59:50.000Z
chore:  Added nonce for the detail page for the download link.
diff --git a/.changeset/curly-phones-look.md b/.changeset/curly-phones-look.md
@@ -0,0 +1,5 @@
+---
+"@wpengine/wpgraphql-logging-wordpress-plugin": patch
+---
+
+chore:  Added nonce for the detail page for the download link.
diff --git a/plugins/wpgraphql-logging/src/Admin/View/Templates/WPGraphQLLoggerView.php b/plugins/wpgraphql-logging/src/Admin/View/Templates/WPGraphQLLoggerView.php
@@ -2,6 +2,8 @@
 
 declare(strict_types=1);
 
+use WPGraphQL\Logging\Admin\ViewLogsPage;
+
 /**
  * Log detail view template.
  *
@@ -17,13 +19,15 @@
 		<h1><?php esc_html_e( 'Log Entry', 'wpgraphql-logging' ); ?></h1>
 		<a href="
 		<?php
+		$wpgraphql_logging_download_nonce = wp_create_nonce( ViewLogsPage::ADMIN_PAGE_DOWNLOAD_NONCE . '_' . $log->get_id() );
 		echo esc_url(
 			admin_url(
 				sprintf(
-					'admin.php?page=%s&action=%s&log=%d',
+					'admin.php?page=%s&action=%s&log=%d&_wpnonce=%s',
 					\WPGraphQL\Logging\Admin\ViewLogsPage::ADMIN_PAGE_SLUG,
 					'download',
-					$log->get_id()
+					$log->get_id(),
+					$wpgraphql_logging_download_nonce
 				)
 			)
 		);

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@wpengine/wpgraphql-logging-wordpress-plugin": patch
 +---
++
 +chore:  Added nonce for the detail page for the download link.