Make WordPress Core

Changeset 37143


Ignore:
Timestamp:
03/30/2016 06:20:31 PM (8 years ago)
Author:
nbachiyski
Message:

Add nonce to AJAX action for script compression setting

Location:
trunk/src/wp-admin/includes
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/ajax-actions.php

    r37035 r37143  
    198198            wp_die();
    199199        } elseif ( 'no' == $_GET['test'] ) {
     200            check_ajax_referer( 'update_can_compress_scripts' );
    200201            update_site_option('can_compress_scripts', 0);
    201202        } elseif ( 'yes' == $_GET['test'] ) {
     203            check_ajax_referer( 'update_can_compress_scripts' );
    202204            update_site_option('can_compress_scripts', 1);
    203205        }
  • trunk/src/wp-admin/includes/template.php

    r36698 r37143  
    17901790?>
    17911791    <script type="text/javascript">
     1792    var compressionNonce = <?php echo wp_json_encode( wp_create_nonce( 'update_can_compress_scripts' ) ); ?>;
    17921793    var testCompression = {
    17931794        get : function(test) {
     
    18091810                };
    18101811
    1811                 x.open('GET', ajaxurl + '?action=wp-compression-test&test='+test+'&'+(new Date()).getTime(), true);
     1812                x.open('GET', ajaxurl + '?action=wp-compression-test&test='+test+'&_ajax_nonce='+compressionNonce+'&'+(new Date()).getTime(), true);
    18121813                x.send('');
    18131814            }
Note: See TracChangeset for help on using the changeset viewer.