Another bug in cc_show_leads.php

Discussion in 'ClassiCraft WordPress Theme' started by spottedvarennes, Feb 9, 2015.

  1. spottedvarennes (Member)

    Found another bug:

    $query = "DELETE FROM $cc_leads_tbl_name WHERE ID = $id";
    $wpdb->query($query);
    $update_msg = LEAD_DELTD;


    Seriously? So everybody can delete leads, just by changing the URL arguments? You don't even check if the leads belong to the current user?
     
  2. spottedvarennes (Member)

    It's funny because just a couple of lines below, you do another query to list the leads of the current user....

    "SELECT * FROM $cc_leads_tbl_name WHERE post_author = $current_user->ID"

    So change this line

    DELETE FROM $cc_leads_tbl_name WHERE ID = $id

    TO

    $query = "DELETE FROM $cc_leads_tbl_name WHERE ID = $id and post_author = $current_user->ID";

    Duh!
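The snippet quoted in posts 1 and 2, with a hardened version beside it, as an added example. This is not the theme's code and not the poster's patch; it assumes the lead ID arrives in an `id` query argument, that the delete link is built with a nonce action named `cc_delete_lead`, and that the handler runs inside a normal WordPress request where `$wpdb`, `$cc_leads_tbl_name` and the `LEAD_DELTD` constant from the page are available. Those names are assumptions. Note that the one-line fix proposed in post 2 closes the ownership hole but still interpolates `$id` straight into the SQL, which is the second problem the hardened function addresses.

```php
<?php
// Added example, not the ClassiCraft theme's own code. Query-argument names
// ("action", "id") and the nonce action "cc_delete_lead" are hypothetical.

// Vulnerable form as quoted in the thread: $id comes straight from the URL,
// so any user who can reach this page can delete any lead, and a non-numeric
// $id is spliced into the statement unchanged (SQL injection).
function cc_delete_lead_vulnerable( $id ) {
    global $wpdb, $cc_leads_tbl_name;
    $query = "DELETE FROM $cc_leads_tbl_name WHERE ID = $id";
    return $wpdb->query( $query );
}

// Hardened form. Three things change:
// 1. The request must carry a valid nonce, so a crafted link cannot trigger
//    the delete on the victim's behalf (CSRF).
// 2. The ID is cast to int and bound through $wpdb->prepare(), so the value
//    can no longer alter the statement (SQL injection).
// 3. Ownership is enforced inside the same DELETE, so a lead that belongs to
//    somebody else simply matches zero rows (IDOR). Putting the check in the
//    WHERE clause instead of a separate SELECT leaves no window between
//    "is it mine?" and "delete it".
function cc_delete_lead_owned( $id ) {
    global $wpdb, $cc_leads_tbl_name;

    if ( ! is_user_logged_in() ) {
        return false;
    }
    // check_admin_referer() ends the request with a 403 if the nonce is
    // missing or stale; the nonce is added to the link with wp_nonce_url().
    check_admin_referer( 'cc_delete_lead' );

    $id     = absint( $id );
    $author = get_current_user_id();
    if ( 0 === $id || 0 === $author ) {
        return false;
    }

    $deleted = $wpdb->query(
        $wpdb->prepare(
            "DELETE FROM {$cc_leads_tbl_name} WHERE ID = %d AND post_author = %d",
            $id,
            $author
        )
    );

    // 1 when the row was the caller's and is now gone; 0 when it was not
    // theirs or did not exist. Either way nothing belonging to another user
    // is touched, and the response does not reveal which of the two it was.
    return 1 === (int) $deleted;
}

// Handler wiring, e.g. on the page that lists the current user's leads.
if ( isset( $_GET['action'], $_GET['id'] ) && 'delete' === $_GET['action'] ) {
    if ( cc_delete_lead_owned( $_GET['id'] ) ) {
        $update_msg = LEAD_DELTD; // constant from the theme, as on the page
    } else {
        $update_msg = 'Lead not found or not yours.';
    }
}
```

The delete link on the listing page would be generated with `wp_nonce_url( $url, 'cc_delete_lead' )` so that `check_admin_referer()` has something to verify. If the theme also has an admin role that legitimately deletes other users' leads, add a `current_user_can()` branch for that role rather than dropping the `post_author` condition for everyone.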
     
  3. Pramod (Guest)

    Hello !

    We have noted down all of your suggestions and issues.
    We will try to fix all these issues, as well as introduce all the suggestions given by you, in future updates.


    Thanks & Regards
    Pramod Patel
     
  4. malmsteen (Member)

    Is this a serious bug or what? I need to know the safety measures before I launch my website.
     
  5. Pramod (Guest)

    Hello !

    I have noted down all issues and suggestions.
    We will try to fix them all in the next update.

    Thanks & Regards
    Pramod
     