Changeset 6739 for trunk/wp-admin/admin-ajax.php

Timestamp:

02/06/2008 09:19:47 PM (18 years ago)

Author:

ryan

Message:

Remove cookie checking from check_ajax_referer(). Check nonces instead. Props mdawaffe. fixes #5782

File:

• trunk/wp-admin/admin-ajax.php (modified) (2 diffs)

trunk/wp-admin/admin-ajax.php

@@ -468 +468 @@
     break;
 case 'autosave' : // The name of this action is hardcoded in edit_post()
-    check_ajax_referer( $action );
+    check_ajax_referer( 'autosave', 'autosavenonce' );
     $_POST['post_content'] = $_POST['content'];
     $_POST['post_excerpt'] = $_POST['excerpt'];
@@ -500 +500 @@
 break;
 case 'autosave-generate-nonces' :
-    check_ajax_referer( $action );
+    check_ajax_referer( 'autosave', 'autosavenonce' );
     $ID = (int) $_POST['post_ID'];
     if($_POST['post_type'] == 'post') {