Changeset 37145 for trunk/src/wp-admin/includes/class-wp-plugin-install-list-table.php

Timestamp:

03/30/2016 06:35:37 PM (9 years ago)

Author:

jorbin

Message:

Add Nonce to updating wporg_favorites user meta field

File:

• trunk/src/wp-admin/includes/class-wp-plugin-install-list-table.php (modified) (1 diff)

trunk/src/wp-admin/includes/class-wp-plugin-install-list-table.php

@@ -171 +171 @@
 
             case 'favorites':
-                $user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
-                update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
+                $action = 'save_wporg_username_' . get_current_user_id();
+                if ( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), $action ) ) {
+                    $user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
+                    update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
+                } else {
+                    $user = get_user_option( 'wporg_favorites' );
+                }
                 if ( $user )
                     $args['user'] = $user;