From 1db0b6e2514cdae97e3b52c939c2d60729fea6c2 Mon Sep 17 00:00:00 2001
From: Aaron Campbell
Date: Wed, 11 Jan 2017 01:52:15 +0000
Subject: [PATCH] Add nonce for widget accessibility mode.

Props vortfu.
See #23328.
Merges [39765] to 3.9 branch.
Built from https://develop.svn.wordpress.org/branches/3.9@39769

git-svn-id: http://core.svn.wordpress.org/branches/3.9@39707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/screen.php | 3 ++-
 wp-admin/widgets.php | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/wp-admin/includes/screen.php b/wp-admin/includes/screen.php
index 7d4ec88152..1ea248c10b 100644
--- a/wp-admin/includes/screen.php
+++ b/wp-admin/includes/screen.php
@@ -969,7 +969,8 @@ final class WP_Screen {
 switch ( $this->id ) {
 case 'widgets':
- $this->_screen_settings = '

' . __('Enable accessibility mode') . '' . __('Disable accessibility mode') . "

\n";
+ $nonce = wp_create_nonce( 'widgets-access' );
+ $this->_screen_settings = '

' . __('Enable accessibility mode') . '' . __('Disable accessibility mode') . "

\n";
 break;
 default:
 $this->_screen_settings = '';

diff --git a/wp-admin/widgets.php b/wp-admin/widgets.php
index 9383d7436c..245c4ac984 100644
--- a/wp-admin/widgets.php
+++ b/wp-admin/widgets.php
@@ -17,6 +17,8 @@ if ( ! current_user_can('edit_theme_options') )
 $widgets_access = get_user_setting( 'widgets_access' );
 if ( isset($_GET['widgets-access']) ) {
+ check_admin_referer( 'widgets-access' );
+
 $widgets_access = 'on' == $_GET['widgets-access'] ? 'on' : 'off';
 set_user_setting( 'widgets_access', $widgets_access );
 }
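Review bot: How `$nonce` is spliced into the two accessibility-mode hrefs cannot be seen here (the markup between the quotes was stripped in this rendering), but whichever form it takes, the value should reach the attribute through `wp_nonce_url( 'widgets.php?widgets-access=on', 'widgets-access' )`, which both appends `_wpnonce` and escapes the URL, or at least through `esc_attr()`, rather than bare concatenation into the string. The action string `'widgets-access'` and the default `_wpnonce` query key are what `check_admin_referer( 'widgets-access' )` in wp-admin/widgets.php looks for, so the two sides are coupled; a comment on the `$nonce` line such as `// Must match check_admin_referer( 'widgets-access' ) in wp-admin/widgets.php.` would make that dependency visible to the next editor. The enclosing WP_Screen method starts before and ends after this hunk.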
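Review bot: After `set_user_setting( 'widgets_access', $widgets_access );` the request appears to keep rendering rather than redirect, so the `_wpnonce` value that `check_admin_referer()` just validated remains in the address bar; once the nonce lifetime passes, a plain reload of that URL fails the referer check and `wp_die()`s with the link-expired screen instead of showing the widgets page. Redirecting to a clean URL once the setting is stored, `wp_safe_redirect( remove_query_arg( array( 'widgets-access', '_wpnonce' ) ) ); exit;`, keeps the nonce-protected GET action from being bookmarked or replayed by accident. The `'on' == $_GET['widgets-access']` comparison is safe as written because the ternary normalises the value to `'on'`/`'off'` before it is stored; whether further code in widgets.php acts on `$widgets_access` is outside this hunk.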