Remove unused nonce fields in site-themes.php and site-users.php
|Reported by:||jeremyfelt||Owned by:||nacin|
In 16242 from 14897, check_admin_referer( 'edit-site' ) was removed during a massive reorg of site-themes.php. Additional nonce checks were added via the nonce audit in 15969, but the nonce field generation for the original edit-site was never removed. This currently results in the generation of two hidden inputs with name="_wp_nonce".
check_admin_referer( 'edit-site' ) was also removed for site-users.php in 16560, but the 2 associated nonce field(s) remained. A 3rd 'edit-site' nonce field was added in 16585 when a new form was added, but that has been unnecessary.
The attached patch removes all 4 instances of wp_nonce_field( 'edit-site' ) across site-themes.php and site-users.php as they are no longer required in either.