
Changeset 22930


Timestamp:
11/30/2012 12:01:02 AM (12 years ago)
Author:
nacin
Message:

Nonces for dashboard controls.

File:
1 edited

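--- a/trunk/wp-admin/includes/dashboard.php
+++ b/trunk/wp-admin/includes/dashboard.php
@@ -132,4 +132,5 @@
 
     if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['widget_id']) ) {
+        check_admin_referer( 'edit-dashboard-widget_' . $_POST['widget_id'] );
         ob_start(); // hack - but the same hack wp-admin/widgets.php uses
         wp_dashboard_trigger_widget_control( $_POST['widget_id'] );
@@ -183,4 +184,5 @@
     echo '<form action="" method="post" class="dashboard-widget-control-form">';
     wp_dashboard_trigger_widget_control( $meta_box['id'] );
+    wp_nonce_field( 'edit-dashboard-widget_' . $meta_box['id'] );
     echo '<input type="hidden" name="widget_id" value="' . esc_attr($meta_box['id']) . '" />';
     submit_button( __('Submit') );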
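Review bot: The added `wp_nonce_field()` call in the second hunk uses the default field name `_wpnonce`, and it sits in the same `<form>` as the output of the widget's own control callback, which runs one line earlier. If a callback prints a default-named nonce field of its own, the form carries two `_wpnonce` inputs and only one value reaches the handler, so either this check or the widget's own check would presumably reject a legitimate save. A dedicated name on both sides avoids the collision: `wp_nonce_field( 'edit-dashboard-widget_' . $meta_box['id'], 'dashboard-widget-nonce' );` paired with `check_admin_referer( 'edit-dashboard-widget_' . $_POST['widget_id'], 'dashboard-widget-nonce' );` in the first hunk. The nonce covers request forgery only, so a one-line comment above the check should say where the capability check for editing a widget's settings lives, since it is not visible here. Both enclosing blocks start and end outside the hunks.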