WordPress.org

Make WordPress Core

Changeset 23148


Ignore:
Timestamp:
12/10/12 09:14:59 (17 months ago)
Author:
nacin
Message:

Namespace the dashboard widget nonce to avoid collisions with plugins.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/3.4/wp-admin/includes/dashboard.php

    r22932 r23148  
    132132 
    133133    if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['widget_id']) ) { 
    134         check_admin_referer( 'edit-dashboard-widget_' . $_POST['widget_id'] ); 
     134        check_admin_referer( 'edit-dashboard-widget_' . $_POST['widget_id'], 'dashboard-widget-nonce' ); 
    135135        ob_start(); // hack - but the same hack wp-admin/widgets.php uses 
    136136        wp_dashboard_trigger_widget_control( $_POST['widget_id'] ); 
     
    184184    echo '<form action="" method="post" class="dashboard-widget-control-form">'; 
    185185    wp_dashboard_trigger_widget_control( $meta_box['id'] ); 
    186     wp_nonce_field( 'edit-dashboard-widget_' . $meta_box['id'] ); 
     186    wp_nonce_field( 'edit-dashboard-widget_' . $meta_box['id'], 'dashboard-widget-nonce' ); 
    187187    echo '<input type="hidden" name="widget_id" value="' . esc_attr($meta_box['id']) . '" />'; 
    188188    submit_button( __('Submit') ); 
Note: See TracChangeset for help on using the changeset viewer.