Make WordPress Core


Ignore:
Timestamp:
10/12/2012 04:02:45 PM (12 years ago)
Author:
koopersmith
Message:

Add a nonce to wp_ajax_save_attachment. see #21390, #21807.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/ajax-actions.php

    r22200 r22212  
    18341834        wp_send_json_error();
    18351835
     1836    check_ajax_referer( 'save-attachment', 'nonce' );
     1837
    18361838    if ( ! current_user_can( 'edit_post', $id ) )
    18371839        wp_send_json_error();
Note: See TracChangeset for help on using the changeset viewer.