WordPress.org

Make WordPress Core

Changeset 37144


Ignore:
Timestamp:
03/30/2016 06:30:40 PM (4 years ago)
Author:
nbachiyski
Message:

Add nonce to AJAX action for script compression setting

Merges [37143] to the 4.4 branch

Location:
branches/4.4/src/wp-admin/includes
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.4/src/wp-admin/includes/ajax-actions.php

    r35760 r37144  
    198198            wp_die();
    199199        } elseif ( 'no' == $_GET['test'] ) {
     200            check_ajax_referer( 'update_can_compress_scripts' );
    200201            update_site_option('can_compress_scripts', 0);
    201202        } elseif ( 'yes' == $_GET['test'] ) {
     203            check_ajax_referer( 'update_can_compress_scripts' );
    202204            update_site_option('can_compress_scripts', 1);
    203205        }
  • branches/4.4/src/wp-admin/includes/template.php

    r35740 r37144  
    17851785?>
    17861786    <script type="text/javascript">
     1787    var compressionNonce = <?php echo wp_json_encode( wp_create_nonce( 'update_can_compress_scripts' ) ); ?>;
    17871788    var testCompression = {
    17881789        get : function(test) {
     
    18041805                };
    18051806
    1806                 x.open('GET', ajaxurl + '?action=wp-compression-test&test='+test+'&'+(new Date()).getTime(), true);
     1807                x.open('GET', ajaxurl + '?action=wp-compression-test&test='+test+'&_ajax_nonce='+compressionNonce+'&'+(new Date()).getTime(), true);
    18071808                x.send('');
    18081809            }
Note: See TracChangeset for help on using the changeset viewer.