
Changeset 22930


Timestamp:
11/30/12 00:01:02 (17 months ago)
Author:
nacin
Message:

Nonces for dashboard controls.

File:
1 edited

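--- a/trunk/wp-admin/includes/dashboard.php
+++ b/trunk/wp-admin/includes/dashboard.php
@@ -132,4 +132,5 @@
 
     if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['widget_id']) ) {
+        check_admin_referer( 'edit-dashboard-widget_' . $_POST['widget_id'] );
         ob_start(); // hack - but the same hack wp-admin/widgets.php uses
         wp_dashboard_trigger_widget_control( $_POST['widget_id'] );
@@ -183,4 +184,5 @@
     echo '<form action="" method="post" class="dashboard-widget-control-form">';
     wp_dashboard_trigger_widget_control( $meta_box['id'] );
+    wp_nonce_field( 'edit-dashboard-widget_' . $meta_box['id'] );
     echo '<input type="hidden" name="widget_id" value="' . esc_attr($meta_box['id']) . '" />';
     submit_button( __('Submit') );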
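Review bot: The new `wp_nonce_field( 'edit-dashboard-widget_' . $meta_box['id'] )` call at new line 186 writes the default `_wpnonce` field into a form whose body is printed by the widget's own control callback on the line before it. If a callback also prints a nonce field, the POST carries two `_wpnonce` inputs and only one value survives, so one of the two checks would fail. A dedicated field name avoids the collision: `wp_nonce_field( 'edit-dashboard-widget_' . $meta_box['id'], 'dashboard-widget-nonce' );` paired with `check_admin_referer( 'edit-dashboard-widget_' . $_POST['widget_id'], 'dashboard-widget-nonce' );` at new line 134. The nonce only protects against cross-site request forgery. Whether the current user may edit the widget is decided outside these hunks, since both enclosing functions start and end outside the visible lines, so that check should be confirmed where the control callbacks are registered.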