From deb355c6304f50d9e4c77b0354c2c8eeaf1c3103 Mon Sep 17 00:00:00 2001
From: girishpanchal30
Date: Thu, 2 Nov 2023 14:19:29 +0530
Subject: [PATCH] Fix security issue with rest api Codeinwp/feedzy-rss-feeds-pro#622
---
 includes/feedzy-rss-feeds-feed-tweaks.php | 30 ++++++++++++++---------
 1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/includes/feedzy-rss-feeds-feed-tweaks.php b/includes/feedzy-rss-feeds-feed-tweaks.php
index b9e868e5..21fa6ebe 100644
--- a/includes/feedzy-rss-feeds-feed-tweaks.php
+++ b/includes/feedzy-rss-feeds-feed-tweaks.php
@@ -533,15 +533,21 @@ function feedzy_current_user_can() {
 return false;
 }
-add_filter(
- 'user_has_cap',
- function ( $allcaps, $caps, $args, $user ) {
- $capability = apply_filters( 'feedzy_admin_menu_capability', 'publish_posts' );
- if ( ! empty( $allcaps[ $capability ] ) ) {
- $allcaps['manage_options'] = ! empty( $allcaps[ $capability ] );
- }
- return $allcaps;
- },
- 10,
- 4
-);
+/**
+ * Handle user capability.
+ */
+function feedzy_handle_user_cap() {
+ add_filter(
+ 'user_has_cap',
+ function ( $allcaps, $caps, $args, $user ) {
+ $capability = apply_filters( 'feedzy_admin_menu_capability', 'publish_posts' );
+ if ( ! empty( $allcaps[ $capability ] ) ) {
+ $allcaps['manage_options'] = ! empty( $allcaps[ $capability ] );
+ }
+ return $allcaps;
+ },
+ 10,
+ 4
+ );
+}
+add_action( 'rest_api_init', 'feedzy_handle_user_cap' );
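Review bot: The `user_has_cap` closure still sets `$allcaps['manage_options']` for every user holding the `feedzy_admin_menu_capability` capability (default `publish_posts`); registering it on `rest_api_init` narrows when it is active but not what it grants, so during a REST request any route that gates on `manage_options`, core or third-party, would presumably treat those users as administrators. `rest_api_init` also fires whenever the REST server is instantiated, which can happen outside a pure REST request (for example when an admin screen preloads REST data), so the filter may stay active for the rest of such a request. A narrower fix is to drop the global filter and have Feedzy's own routes authorise directly, e.g. `'permission_callback' => 'feedzy_current_user_can'` on each route (the route registrations are outside this hunk, so confirm what they check today). If the filter has to stay, it should at least return early unless the capability being checked and the current route both belong to Feedzy, and the inner assignment can simply be `$allcaps['manage_options'] = true;`.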