Changeset 37146
- Timestamp:
- 03/30/2016 06:40:18 PM (9 years ago)
- Location:
- branches/4.4
- Files:
-
- 6 edited
-
branches/4.4
-
branches/4.4/src/wp-admin/includes/ajax-actions.php
r37144 r37146 2753 2753 2754 2754 if ( ! $post = get_post( (int) $_REQUEST['post_id'] ) ) 2755 wp_send_json_error( );2755 wp_send_json_error(111); 2756 2756 2757 2757 if ( ! current_user_can( 'read_post', $post->ID ) ) 2758 wp_send_json_error( );2758 wp_send_json_error(222); 2759 2759 2760 2760 // Really just pre-loading the cache here. 2761 2761 if ( ! $revisions = wp_get_post_revisions( $post->ID, array( 'check_enabled' => false ) ) ) 2762 wp_send_json_error( );2762 wp_send_json_error(333); 2763 2763 2764 2764 $return = array(); … … 3311 3311 } 3312 3312 3313 check_ajax_referer( 'save_wporg_username_' . get_current_user_id() ); 3314 3313 3315 $username = isset( $_REQUEST['username'] ) ? wp_unslash( $_REQUEST['username'] ) : false; 3314 3316 -
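Review bot: The `wp_send_json_error()` calls at lines 2755, 2758 and 2762 appear once without an argument and once with the bare numeric payloads 111, 222 and 333. The page does not mark which form is the new side, but if the numbered form is what lands, it reads like leftover debugging unrelated to the nonce check added in the second hunk. Undocumented numeric codes also tell the client which of the three checks (missing post, failed `read_post` capability, no revisions) rejected the request, which the argument-less form did not. I would keep `wp_send_json_error();` in all three places or, if distinct errors are wanted, return a documented message. The enclosing function starts and ends outside both hunks.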
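--- a/branches/4.4/src/wp-admin/includes/class-wp-plugin-install-list-table.php
+++ b/branches/4.4/src/wp-admin/includes/class-wp-plugin-install-list-table.php
@@ -171,6 +171,11 @@
 
 case 'favorites':
-$user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
-update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
+$action = 'save_wporg_username_' . get_current_user_id();
+if ( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), $action ) ) {
+$user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
+update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
+} else {
+$user = get_user_option( 'wporg_favorites' );
+}
 if ( $user )
 $args['user'] = $user;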
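Review bot: The value written by `update_user_meta()` in the new `if` branch is still only passed through `wp_unslash()`; a valid nonce shows the request was intended by the user, not that `$_GET['user']` is a well-formed username. I would normalise it before storing, `$user = isset( $_GET['user'] ) ? sanitize_text_field( wp_unslash( $_GET['user'] ) ) : get_user_option( 'wporg_favorites' );`, since the stored value is later forwarded in `$args['user']`. The same unsanitised write is repeated in the first hunk of theme-install.php. The `case 'favorites':` branch belongs to a switch that starts and ends outside the hunk.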
branches/4.4/src/wp-admin/includes/plugin-install.php
r35567 r37146 301 301 */ 302 302 function install_plugins_favorites_form() { 303 $user = ! empty( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' ); 303 $user = get_user_option( 'wporg_favorites' ); 304 $action = 'save_wporg_username_' . get_current_user_id(); 304 305 ?> 305 306 <p class="install-help"><?php _e( 'If you have marked plugins as favorites on WordPress.org, you can browse them here.' ); ?></p> … … 310 311 <input type="search" id="user" name="user" value="<?php echo esc_attr( $user ); ?>" /> 311 312 <input type="submit" class="button" value="<?php esc_attr_e( 'Get Favorites' ); ?>" /> 313 <input type="hidden" id="wporg-username-nonce" name="_wpnonce" value="<?php echo esc_attr( wp_create_nonce( $action ) ); ?>" /> 312 314 </p> 313 315 </form> -
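Review bot: The nonce action `'save_wporg_username_' . get_current_user_id()` built at line 304 has to match, character for character, the string verified in class-wp-plugin-install-list-table.php and theme-install.php and the one passed to `check_ajax_referer()` in ajax-actions.php, and nothing in the code says so. A typo in any one copy would make saves fail with no obvious cause. I would at least add a comment above line 304, `// Nonce action: must match the verification in class-wp-plugin-install-list-table.php and ajax-actions.php.`, or better, move the string into one small helper that all four call sites use. `install_plugins_favorites_form()` continues past the end of the second hunk.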
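--- a/branches/4.4/src/wp-admin/js/theme.js
+++ b/branches/4.4/src/wp-admin/js/theme.js
@@ -1521,4 +1521,5 @@
 saveUsername: function ( event ) {
 var username = $( '#wporg-username-input' ).val(),
+nonce = $( '#wporg-username-nonce' ).val(),
 request = { browse: 'favorites', user: username },
 that = this;
@@ -1535,4 +1536,5 @@
 return wp.ajax.send( 'save-wporg-username', {
 data: {
+_wpnonce: nonce,
 username: username
 },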
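--- a/branches/4.4/src/wp-admin/theme-install.php
+++ b/branches/4.4/src/wp-admin/theme-install.php
@@ -149,6 +149,11 @@
 <div class="favorites-form">
 <?php
-$user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
-update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
+$action = 'save_wporg_username_' . get_current_user_id();
+if ( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), $action ) ) {
+$user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
+update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
+} else {
+$user = get_user_option( 'wporg_favorites' );
+}
 ?>
 <p class="install-help"><?php _e( 'If you have marked themes as favorites on WordPress.org, you can browse them here.' ); ?></p>
@@ -156,4 +161,5 @@
 <p>
 <label for="user"><?php _e( 'Your WordPress.org username:' ); ?></label>
+<input type="hidden" id="wporg-username-nonce" name="_wpnonce" value="<?php echo esc_attr( wp_create_nonce( $action ) ); ?>" />
 <input type="search" id="wporg-username-input" value="<?php echo esc_attr( $user ); ?>" />
 <input type="button" class="button button-secondary favorites-form-submit" value="<?php esc_attr_e( 'Get Favorites' ); ?>" />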