Multisite: Add a nonce to the "Cancel" URL when changing a site's admin email.
Props scottbasgaard. Fixes #36954. Built from https://develop.svn.wordpress.org/trunk@38006 git-svn-id: http://core.svn.wordpress.org/trunk@37947 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
397f08e7d3
commit
24804144de
|
@ -112,7 +112,7 @@ if ( $new_admin_email && $new_admin_email != get_option('admin_email') ) : ?>
|
||||||
);
|
);
|
||||||
printf(
|
printf(
|
||||||
' <a href="%1$s">%2$s</a>',
|
' <a href="%1$s">%2$s</a>',
|
||||||
esc_url( admin_url( 'options.php?dismiss=new_admin_email' ) ),
|
esc_url( wp_nonce_url( admin_url( 'options.php?dismiss=new_admin_email' ), 'dismiss-' . get_current_blog_id() . '-new_admin_email' ) ),
|
||||||
__( 'Cancel' )
|
__( 'Cancel' )
|
||||||
);
|
);
|
||||||
?></p>
|
?></p>
|
||||||
|
|
|
@ -66,6 +66,7 @@ if ( is_multisite() ) {
|
||||||
wp_redirect( admin_url( $redirect ) );
|
wp_redirect( admin_url( $redirect ) );
|
||||||
exit;
|
exit;
|
||||||
} elseif ( ! empty( $_GET['dismiss'] ) && 'new_admin_email' == $_GET['dismiss'] ) {
|
} elseif ( ! empty( $_GET['dismiss'] ) && 'new_admin_email' == $_GET['dismiss'] ) {
|
||||||
|
check_admin_referer( 'dismiss-' . get_current_blog_id() . '-new_admin_email' );
|
||||||
delete_option( 'adminhash' );
|
delete_option( 'adminhash' );
|
||||||
delete_option( 'new_admin_email' );
|
delete_option( 'new_admin_email' );
|
||||||
wp_redirect( admin_url( 'options-general.php?updated=true' ) );
|
wp_redirect( admin_url( 'options-general.php?updated=true' ) );
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '4.6-beta2-38005';
|
$wp_version = '4.6-beta2-38006';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|
Loading…
Reference in New Issue