WordPress.org

Make WordPress Core

Changeset 25550


Ignore:
Timestamp:
09/21/2013 04:25:57 PM (8 years ago)
Author:
wonderboymusic
Message:

Use elseif when slurping the nonce in check_ajax_referer() to avoid accidentally overwriting it.

Fail wonderboymusic in [25433].
Props ocean90.
Fixes #25369.
See [25433].

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/pluggable.php

    r25433 r25550  
    833833    $nonce = '';
    834834
    835     if ( $query_arg && isset( $_REQUEST[$query_arg] ) )
    836         $nonce = $_REQUEST[$query_arg];
    837 
    838     if ( isset( $_REQUEST['_ajax_nonce'] ) )
     835    if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
     836        $nonce = $_REQUEST[ $query_arg ];
     837    elseif ( isset( $_REQUEST['_ajax_nonce'] ) )
    839838        $nonce = $_REQUEST['_ajax_nonce'];
    840 
    841     if ( isset( $_REQUEST['_wpnonce'] ) )
     839    elseif ( isset( $_REQUEST['_wpnonce'] ) )
    842840        $nonce = $_REQUEST['_wpnonce'];
    843841
Note: See TracChangeset for help on using the changeset viewer.