Changeset 37144

Timestamp:

03/30/2016 06:30:40 PM (7 years ago)

Author:

nbachiyski

Message:

Add nonce to AJAX action for script compression setting

Merges [37143] to the 4.4 branch

Location:

branches/4.4/src/wp-admin/includes

Files:

• ajax-actions.php (modified) (1 diff)
• template.php (modified) (2 diffs)

branches/4.4/src/wp-admin/includes/ajax-actions.php

@@ -198 +198 @@
             wp_die();
         } elseif ( 'no' == $_GET['test'] ) {
+            check_ajax_referer( 'update_can_compress_scripts' );
             update_site_option('can_compress_scripts', 0);
         } elseif ( 'yes' == $_GET['test'] ) {
+            check_ajax_referer( 'update_can_compress_scripts' );
             update_site_option('can_compress_scripts', 1);
         }

branches/4.4/src/wp-admin/includes/template.php

@@ -1785 +1785 @@
 ?>
     <script type="text/javascript">
+    var compressionNonce = <?php echo wp_json_encode( wp_create_nonce( 'update_can_compress_scripts' ) ); ?>;
     var testCompression = {
         get : function(test) {
@@ -1804 +1805 @@
                 };
 
-                x.open('GET', ajaxurl + '?action=wp-compression-test&test='+test+'&'+(new Date()).getTime(), true);
+                x.open('GET', ajaxurl + '?action=wp-compression-test&test='+test+'&_ajax_nonce='+compressionNonce+'&'+(new Date()).getTime(), true);
                 x.send('');
             }