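--- a/src/wp-admin/includes/post.php
+++ b/src/wp-admin/includes/post.php
@@ -2303,7 +2303,7 @@ function the_block_editor_meta_boxes() {
 <?php the_block_editor_meta_box_post_form_hidden_fields( $post ); ?>
 </form>
 <form id="toggle-custom-fields-form" method="post" action="<?php echo esc_attr( admin_url( 'post.php' ) ); ?>">
-<?php wp_nonce_field( 'toggle-custom-fields' ); ?>
+<?php wp_nonce_field( 'toggle-custom-fields', 'toggle-custom-fields-nonce' ); ?>
 <input type="hidden" name="action" value="toggle-custom-fields" />
 </form>
 <?php foreach ( $locations as $location ) : ?>
@@ -2435,7 +2435,6 @@ function the_block_editor_meta_box_post_form_hidden_fields( $post ) {
 $classic_output = ob_get_clean();
 
 $classic_elements = wp_html_split( $classic_output );
-$hidden_inputs = '';
 foreach ( $classic_elements as $element ) {
 if ( 0 !== strpos( $element, '<input ' ) ) {
 continue;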
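Review bot: The field name `'toggle-custom-fields-nonce'` passed to `wp_nonce_field()` in `the_block_editor_meta_boxes()` is a bare literal that has to match the second argument of `check_admin_referer()` in the `toggle-custom-fields` case of `src/wp-admin/post.php`, and nothing on either side says so. A mismatch fails closed (the request is rejected), so this is a maintenance point rather than a bypass, but a short comment on both calls would keep them in step, e.g. `// Field name must match check_admin_referer() in wp-admin/post.php.` here and the mirror of it there. It would also help to state why the default `_wpnonce` name is avoided; presumably it keeps this form's nonce field distinct from the one emitted for the main post form on the same screen, which the author should confirm. Both functions continue outside the visible hunks.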
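--- a/src/wp-admin/post.php
+++ b/src/wp-admin/post.php
@@ -339,7 +339,7 @@ switch ( $action ) {
 exit;
 
 case 'toggle-custom-fields':
-check_admin_referer( 'toggle-custom-fields' );
+check_admin_referer( 'toggle-custom-fields', 'toggle-custom-fields-nonce' );
 
 $current_user_id = get_current_user_id();
 if ( $current_user_id ) {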