- Timestamp:
- 11/27/2017 03:43:11 AM (7 years ago)
- Location:
- trunk/src/wp-admin
- Files:
-
- 2 edited
-
trunk/src/wp-admin/includes/file.php
r42244 r42246 415 415 } 416 416 417 $real_file = $theme->get_stylesheet_directory() . '/' . $file; 418 if ( ! wp_verify_nonce( $args['nonce'], 'edit-theme_' . $real_file . $stylesheet ) ) { 417 if ( ! wp_verify_nonce( $args['nonce'], 'edit-theme_' . $stylesheet . '_' . $file ) ) { 419 418 return new WP_Error( 'nonce_failure' ); 420 419 } … … 451 450 } 452 451 452 $real_file = $theme->get_stylesheet_directory() . '/' . $file; 453 453 454 $is_active = ( get_stylesheet() === $stylesheet || get_template() === $stylesheet ); 455 454 456 } else { 455 457 return new WP_Error( 'missing_theme_or_plugin' ); -
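Review bot: The action string on new line 417, `'edit-theme_' . $stylesheet . '_' . $file`, is now written out by hand here and twice in theme-editor.php, and a mismatch between those copies is exactly the failure this change corrects, so it deserves a comment tying them together, for example `// Must match the wp_nonce_field()/check_ajax_referer() action in theme-editor.php: edit-theme_{stylesheet}_{relative file}.`. The nonce only shows that the request came from the editor form for this user; it says nothing about whether `$file` is an acceptable path, and `$real_file` on new line 452 is built by plain concatenation with the stylesheet directory. The lines between the two hunks are not shown, so confirm that `$file` is checked against the theme's editable file list (a `validate_file()` style check) before `$real_file` is read or written. The enclosing function starts and ends outside the hunk.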
trunk/src/wp-admin/theme-editor.php
r42228 r42246 115 115 if ( is_wp_error( $r ) ) { 116 116 $edit_error = $r; 117 if ( check_ajax_referer( 'edit-theme_' . $ file . $stylesheet, 'nonce', false ) && isset( $_POST['newcontent'] ) ) {117 if ( check_ajax_referer( 'edit-theme_' . $stylesheet . '_' . $relative_file, 'nonce', false ) && isset( $_POST['newcontent'] ) ) { 118 118 $posted_content = wp_unslash( $_POST['newcontent'] ); 119 119 } … … 256 256 else : ?> 257 257 <form name="template" id="template" action="theme-editor.php" method="post"> 258 <?php wp_nonce_field( 'edit-theme_' . $ file . $stylesheet, 'nonce' ); ?>258 <?php wp_nonce_field( 'edit-theme_' . $stylesheet . '_' . $relative_file, 'nonce' ); ?> 259 259 <div> 260 260 <label for="newcontent" id="theme-plugin-editor-label"><?php _e( 'Selected file content:' ); ?></label>
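Review bot: Both nonce sites in this file (new lines 117 and 258) build the action from `$relative_file`, while the verifier in trunk/src/wp-admin/includes/file.php builds it from the submitted `$file`, so a save only verifies when those two values are the same string byte for byte. `$relative_file` is defined outside these hunks; if it is normalized differently from the posted file value (slashes, or a default file when none is requested), every save for that file would presumably fail with `nonce_failure`, so a test that saves a file inside a theme subdirectory would pin this down. On line 117 the posted `newcontent` is kept for redisplay after a failed save; the output site is outside the hunk, so confirm it is passed through `esc_textarea()` before it is printed back into the form.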