fix: Correct nonce verification in save question AJAX handler

2025-04-03 22:56:51 -05:00 · 2025-04-03 22:56:51 -05:00 · ca097b4cdd
commit ca097b4cdd
parent a1b87b559d
1 changed files with 2 additions and 1 deletions
--- a/functions.php
+++ b/functions.php
@ -321,7 +321,8 @@ add_action( 'wp_ajax_quiztech_get_question', 'quiztech_ajax_get_question' );
 * AJAX handler for saving (creating or updating) a question.
 */
 function quiztech_ajax_save_question() {
-    check_ajax_referer( 'quiztech_save_question_action', 'nonce' );
+    // Verify nonce using the correct field name from wp_nonce_field()
+    check_ajax_referer( 'quiztech_save_question_action', 'quiztech_question_nonce' );

    if ( ! current_user_can( 'edit_questions' ) ) {
        wp_send_json_error( [ 'message' => esc_html__( 'Insufficient permissions.', 'quiztech' ) ], 403 );