

Timestamp:
03/30/2016 06:40:18 PM (9 years ago)
Author:
jorbin
Message:

Add Nonce to updating wporg_favorites user meta field

Merges [37145] to the 4.4 branch

Location:
branches/4.4
Files:
2 edited

  • branches/4.4

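--- a/branches/4.4/src/wp-admin/includes/plugin-install.php
+++ b/branches/4.4/src/wp-admin/includes/plugin-install.php
@@ -301,5 +301,6 @@
  */
 function install_plugins_favorites_form() {
-    $user = ! empty( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
+    $user   = get_user_option( 'wporg_favorites' );
+    $action = 'save_wporg_username_' . get_current_user_id();
     ?>
     <p class="install-help"><?php _e( 'If you have marked plugins as favorites on WordPress.org, you can browse them here.' ); ?></p>
@@ -310,4 +311,5 @@
             <input type="search" id="user" name="user" value="<?php echo esc_attr( $user ); ?>" />
             <input type="submit" class="button" value="<?php esc_attr_e( 'Get Favorites' ); ?>" />
+            <input type="hidden" id="wporg-username-nonce" name="_wpnonce" value="<?php echo esc_attr( wp_create_nonce( $action ) ); ?>" />
         </p>
     </form>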
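Review bot: The hidden `_wpnonce` field added after the submit button only protects the `wporg_favorites` update if the code that saves the username rejects requests whose nonce does not verify against the identical action string, and no such check (`wp_verify_nonce()` or `check_admin_referer()`) appears in this file section, so confirm it is part of the same merge. Because the action is assembled inline as `'save_wporg_username_' . get_current_user_id()`, the creating and verifying sides can drift apart silently; I would add a comment above `$action` such as `// Nonce action for saving the wporg_favorites user option; the save handler must verify _wpnonce against this exact string.` The opening `<form>` tag lies in the elided lines between the two hunks; if it submits via GET, the nonce will appear in the URL and can end up in browser history, Referer headers and access logs, which matters because WordPress nonces are reusable until they expire. The function body continues past the visible lines.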