From 9c379c6d74ec2472aa8bf44e27ae5051c216ebb0 Mon Sep 17 00:00:00 2001
From: Saimon Sajjad
Date: Thu, 13 Dec 2018 15:59:12 +0600
Subject: [PATCH] fix: check ajax_nonce while cropping banner (#459)
---
 classes/ajax.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/classes/ajax.php b/classes/ajax.php
index f4d18ba168..ebff89d094 100755
--- a/classes/ajax.php
+++ b/classes/ajax.php
@@ -560,6 +560,8 @@ public function crop_store_banner() {
 wp_send_json_error();
 }
 
+ check_ajax_referer( 'image_editor-' . $_POST['id'], 'nonce' );
+
 $crop_details = $_POST['cropDetails'];
 
 $dimensions = $this->get_header_dimensions( array(
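Review bot: The added `check_ajax_referer()` call reads `$_POST['id']` directly, so a request without `id` raises an undefined-index notice before the nonce is rejected, and the raw request value is concatenated into the nonce action. Normalising it once keeps the action in the `image_editor-<attachment id>` form: `$attachment_id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;` followed by `check_ajax_referer( 'image_editor-' . $attachment_id, 'nonce' );`. With the default third argument, a failed check ends the request inside `check_ajax_referer()` rather than through `wp_send_json_error()` as the guard above does; passing `false` and sending the JSON error explicitly would keep the failure responses consistent. `crop_store_banner()` starts and ends outside the hunk, so whether `id` is validated earlier cannot be seen here.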