Ticket #51483: 51483.3.patch

File 51483.3.patch, 1.4 KB (added by Mista-Flo, 4 years ago)

3rd patch to fix check admin referer

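diff --git a/src/wp-admin/includes/post.php b/src/wp-admin/includes/post.php
index 77aadb2135..c9738497fa 100644
--- a/src/wp-admin/includes/post.php
+++ b/src/wp-admin/includes/post.php
@@ -2303,7 +2303,7 @@ function the_block_editor_meta_boxes() {
         <?php the_block_editor_meta_box_post_form_hidden_fields( $post ); ?>
         </form>
         <form id="toggle-custom-fields-form" method="post" action="<?php echo esc_attr( admin_url( 'post.php' ) ); ?>">
-                <?php wp_nonce_field( 'toggle-custom-fields' ); ?>
+                <?php wp_nonce_field( 'toggle-custom-fields', 'toggle-custom-fields-nonce' ); ?>
                 <input type="hidden" name="action" value="toggle-custom-fields" />
         </form>
         <?php foreach ( $locations as $location ) : ?>
@@ -2435,7 +2435,6 @@ function the_block_editor_meta_box_post_form_hidden_fields( $post ) {
         $classic_output = ob_get_clean();
 
         $classic_elements = wp_html_split( $classic_output );
-        $hidden_inputs    = '';
         foreach ( $classic_elements as $element ) {
                 if ( 0 !== strpos( $element, '<input ' ) ) {
                         continue;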
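Review bot: The new field name `'toggle-custom-fields-nonce'` passed to `wp_nonce_field()` is a bare string literal that has to match the second argument of `check_admin_referer()` in the `toggle-custom-fields` case of src/wp-admin/post.php, and nothing at either call site says so. A short comment next to the call, such as `// Field name must match check_admin_referer() for 'toggle-custom-fields' in wp-admin/post.php.`, would keep a later rename on one side from breaking the toggle with a failed nonce check. Separately, the second hunk drops `$hidden_inputs = '';` from `the_block_editor_meta_box_post_form_hidden_fields()`, whose body continues outside the hunk; that removal is only safe if nothing further down still reads or appends to the variable.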
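diff --git a/src/wp-admin/post.php b/src/wp-admin/post.php
index c4a0ab17e5..a1113ed35f 100644
--- a/src/wp-admin/post.php
+++ b/src/wp-admin/post.php
@@ -339,7 +339,7 @@ switch ( $action ) {
                 exit;
 
         case 'toggle-custom-fields':
-                check_admin_referer( 'toggle-custom-fields' );
+                check_admin_referer( 'toggle-custom-fields', 'toggle-custom-fields-nonce' );
 
                 $current_user_id = get_current_user_id();
                 if ( $current_user_id ) {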
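Review bot: With the second argument added, `check_admin_referer()` reads the nonce only from the `toggle-custom-fields-nonce` request field, so a request for this action that still carries the nonce in the default `_wpnonce` field now fails verification. That is correct for the form changed in src/wp-admin/includes/post.php, but any other code that builds this request (scripts or plugins, if any exist) would need the new field name. The patch description should say so, since it currently reads only "fix check admin referer". The `case` body continues past the end of the hunk.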