WordPress.org

Make WordPress Core

Changeset 45149


Ignore:
Timestamp:
04/09/2019 12:07:39 AM (19 months ago)
Author:
pento
Message:

Privacy: Add a missing <form> action on the Export/Erasure screens.

This lack of action could cause an expired nonce to end up in the URL.

Props garrett-eclipse, saimonh, xkon.
Fixes #44047.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/user.php

    r44821 r45149  
    831831        <?php settings_errors(); ?>
    832832
    833         <form method="post" class="wp-privacy-request-form">
     833        <form action="<?php echo admin_url( 'tools.php?page=export_personal_data' ); ?>" method="post" class="wp-privacy-request-form">
    834834            <h2><?php esc_html_e( 'Add Data Export Request' ); ?></h2>
    835835            <p><?php esc_html_e( 'An email will be sent to the user at this email address asking them to verify the request.' ); ?></p>
     
    915915        <?php settings_errors(); ?>
    916916
    917         <form method="post" class="wp-privacy-request-form">
     917        <form action="<?php echo admin_url( 'tools.php?page=remove_personal_data' ); ?>" method="post" class="wp-privacy-request-form">
    918918            <h2><?php esc_html_e( 'Add Data Erasure Request' ); ?></h2>
    919919            <p><?php esc_html_e( 'An email will be sent to the user at this email address asking them to verify the request.' ); ?></p>
Note: See TracChangeset for help on using the changeset viewer.