Timestamp:
11/27/2017 03:43:11 AM (2 years ago)
Author:
dd32
Message:

Theme Editor: Base the nonce on a simpler combination of fields, for easier debugging & reading.

See #42609.
Fixes #42705.

File:
1 edited

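--- a/trunk/src/wp-admin/theme-editor.php
+++ b/trunk/src/wp-admin/theme-editor.php
@@ -115,5 +115,5 @@
     if ( is_wp_error( $r ) ) {
         $edit_error = $r;
-        if ( check_ajax_referer( 'edit-theme_' . $file . $stylesheet, 'nonce', false ) && isset( $_POST['newcontent'] ) ) {
+        if ( check_ajax_referer( 'edit-theme_' . $stylesheet . '_' . $relative_file, 'nonce', false ) && isset( $_POST['newcontent'] ) ) {
             $posted_content = wp_unslash( $_POST['newcontent'] );
         }
@@ -256,5 +256,5 @@
 else : ?>
     <form name="template" id="template" action="theme-editor.php" method="post">
-        <?php wp_nonce_field( 'edit-theme_' . $file . $stylesheet, 'nonce' ); ?>
+        <?php wp_nonce_field( 'edit-theme_' . $stylesheet . '_' . $relative_file, 'nonce' ); ?>
         <div>
             <label for="newcontent" id="theme-plugin-editor-label"><?php _e( 'Selected file content:' ); ?></label>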
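Review bot: The nonce action is still assembled by hand at both sites, the `check_ajax_referer()` call at line 117 and the `wp_nonce_field()` call at line 258, so the issuing and verifying strings can drift apart again the next time one of them is edited. Building it once, e.g. `$nonce_action = 'edit-theme_' . $stylesheet . '_' . $relative_file;`, and passing `$nonce_action` to both calls would keep them in lockstep; any verifier outside this file would need the same string. Separately, `_` can occur in both a stylesheet name and a file name, so the joined action does not identify a (theme, file) pair uniquely (constructed example: stylesheet `a_b` with file `c.php` and stylesheet `a` with file `b_c.php` yield the same action). The impact is probably small, but a short comment stating that the action is not relied on to distinguish files would help. Where `$stylesheet` and `$relative_file` are assigned and validated lies outside both hunks, so their normalisation cannot be confirmed from this page.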