For all the set...() PHP Methods, I discovered a security hole whereby users could set the values of other users if they know their user_id. As a result, let's remove 'user_id' from the input parameters, and instead check which user is currently calling the set function, and apply it to that user ID.
This is how to get the ID of the current user:
$current_user = wp_get_current_user();
$current_user_ID = $current_user->ID;
This applies to the following functions:
set_points()
set_favorites()
set_viewed()
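The change described above, sketched for set_points() as an added example (not the project's own code). The function signatures, the 'points' meta key and the use of user meta for storage are assumptions; it runs inside a loaded WordPress environment.

```php
<?php
// Hypothetical "before": the caller supplies the target user, so the
// function writes to whichever account ID it is handed.
function set_points_before( $user_id, $points ) {
    return update_user_meta( (int) $user_id, 'points', (int) $points );
}

// "After": no user_id parameter. The target is always the calling user.
function set_points( $points ) {
    $current_user    = wp_get_current_user();
    $current_user_ID = (int) $current_user->ID;

    // wp_get_current_user() returns a WP_User with ID 0 for anonymous
    // visitors, so reject that case instead of writing to user 0.
    if ( 0 === $current_user_ID ) {
        return new WP_Error( 'not_logged_in', 'You must be logged in to set points.' );
    }

    // Validate the value separately from the identity check.
    if ( ! is_numeric( $points ) ) {
        return new WP_Error( 'invalid_points', 'Points must be numeric.' );
    }

    // 'points' is an assumed meta key for this example.
    return update_user_meta( $current_user_ID, 'points', (int) $points );
}
```

Any caller that still passes a user_id (for example an AJAX or REST handler reading it from the request) should drop that field as well, so the only source of identity is the session.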