Add Nonce to updating wporg_favorites user meta field
Built from https://develop.svn.wordpress.org/trunk@37145 git-svn-id: http://core.svn.wordpress.org/trunk@37112 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
9b7a775413
commit
bd7ffca854
|
@ -2759,14 +2759,14 @@ function wp_ajax_get_revision_diffs() {
|
||||||
require ABSPATH . 'wp-admin/includes/revision.php';
|
require ABSPATH . 'wp-admin/includes/revision.php';
|
||||||
|
|
||||||
if ( ! $post = get_post( (int) $_REQUEST['post_id'] ) )
|
if ( ! $post = get_post( (int) $_REQUEST['post_id'] ) )
|
||||||
wp_send_json_error();
|
wp_send_json_error(111);
|
||||||
|
|
||||||
if ( ! current_user_can( 'read_post', $post->ID ) )
|
if ( ! current_user_can( 'read_post', $post->ID ) )
|
||||||
wp_send_json_error();
|
wp_send_json_error(222);
|
||||||
|
|
||||||
// Really just pre-loading the cache here.
|
// Really just pre-loading the cache here.
|
||||||
if ( ! $revisions = wp_get_post_revisions( $post->ID, array( 'check_enabled' => false ) ) )
|
if ( ! $revisions = wp_get_post_revisions( $post->ID, array( 'check_enabled' => false ) ) )
|
||||||
wp_send_json_error();
|
wp_send_json_error(333);
|
||||||
|
|
||||||
$return = array();
|
$return = array();
|
||||||
@set_time_limit( 0 );
|
@set_time_limit( 0 );
|
||||||
|
@ -3317,6 +3317,8 @@ function wp_ajax_save_wporg_username() {
|
||||||
wp_send_json_error();
|
wp_send_json_error();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
check_ajax_referer( 'save_wporg_username_' . get_current_user_id() );
|
||||||
|
|
||||||
$username = isset( $_REQUEST['username'] ) ? wp_unslash( $_REQUEST['username'] ) : false;
|
$username = isset( $_REQUEST['username'] ) ? wp_unslash( $_REQUEST['username'] ) : false;
|
||||||
|
|
||||||
if ( ! $username ) {
|
if ( ! $username ) {
|
||||||
|
|
|
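Review bot: The three calls changed to `wp_send_json_error(111)`, `wp_send_json_error(222)` and `wp_send_json_error(333)` in the wp_ajax_get_revision_diffs hunk look like debugging markers unrelated to the nonce change in the title; the argument of wp_send_json_error is emitted to the client as the response's data, so these integers would leak into the JSON payload. They should go back to `wp_send_json_error();` as on the old side. The `check_ajax_referer( 'save_wporg_username_' . get_current_user_id() );` added to wp_ajax_save_wporg_username is the intended change, but the same action string is now assembled by hand in this handler, in the plugin list table and in theme-install.php, so a single small helper returning it would keep the three copies from drifting. Both enclosing functions extend beyond their hunks.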
@ -170,8 +170,13 @@ class WP_Plugin_Install_List_Table extends WP_List_Table {
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'favorites':
|
case 'favorites':
|
||||||
$user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
|
$action = 'save_wporg_username_' . get_current_user_id();
|
||||||
update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
|
if ( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), $action ) ) {
|
||||||
|
$user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
|
||||||
|
update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
|
||||||
|
} else {
|
||||||
|
$user = get_user_option( 'wporg_favorites' );
|
||||||
|
}
|
||||||
if ( $user )
|
if ( $user )
|
||||||
$args['user'] = $user;
|
$args['user'] = $user;
|
||||||
else
|
else
|
||||||
|
|
|
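Review bot: Inside the verified branch of the `case 'favorites':` hunk, `$_GET['user']` is written to the `wporg_favorites` user meta with only `wp_unslash()` applied, so any string the current user submits (including an empty one) is stored verbatim; the nonce stops cross-site requests from changing the value, but the value itself is never validated. Gate the write on the parameter actually being present and sanitise it, e.g. `if ( isset( $_GET['user'], $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), $action ) ) {` followed by `$user = sanitize_user( wp_unslash( $_GET['user'] ) );`, which also removes the pointless re-save of the stored value when `user` is absent. The identical block appears in the theme-install.php section further down, so the same fix applies there. The enclosing switch and method extend outside the hunk.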
@ -300,7 +300,8 @@ function install_plugins_upload() {
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
function install_plugins_favorites_form() {
|
function install_plugins_favorites_form() {
|
||||||
$user = ! empty( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
|
$user = get_user_option( 'wporg_favorites' );
|
||||||
|
$action = 'save_wporg_username_' . get_current_user_id();
|
||||||
?>
|
?>
|
||||||
<p class="install-help"><?php _e( 'If you have marked plugins as favorites on WordPress.org, you can browse them here.' ); ?></p>
|
<p class="install-help"><?php _e( 'If you have marked plugins as favorites on WordPress.org, you can browse them here.' ); ?></p>
|
||||||
<form method="get">
|
<form method="get">
|
||||||
|
@ -309,6 +310,7 @@ function install_plugins_favorites_form() {
|
||||||
<label for="user"><?php _e( 'Your WordPress.org username:' ); ?></label>
|
<label for="user"><?php _e( 'Your WordPress.org username:' ); ?></label>
|
||||||
<input type="search" id="user" name="user" value="<?php echo esc_attr( $user ); ?>" />
|
<input type="search" id="user" name="user" value="<?php echo esc_attr( $user ); ?>" />
|
||||||
<input type="submit" class="button" value="<?php esc_attr_e( 'Get Favorites' ); ?>" />
|
<input type="submit" class="button" value="<?php esc_attr_e( 'Get Favorites' ); ?>" />
|
||||||
|
<input type="hidden" id="wporg-username-nonce" name="_wpnonce" value="<?php echo esc_attr( wp_create_nonce( $action ) ); ?>" />
|
||||||
</p>
|
</p>
|
||||||
</form>
|
</form>
|
||||||
<?php
|
<?php
|
||||||
|
|
|
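Review bot: The hidden nonce input added in the second hunk of install_plugins_favorites_form is assembled by hand where `wp_nonce_field( $action, '_wpnonce', false );` produces the same `_wpnonce` field with escaping handled by core; the `id="wporg-username-nonce"` is only needed if a script reads it, and nothing in this plain GET form appears to. Separately, `$user` in the first hunk no longer reflects `$_GET['user']`, so when the list table rejects the nonce the username just typed disappears from the field with no message; if that is intended, a short notice on failed verification would make it visible to the user. The function continues past both hunks.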
@ -1548,6 +1548,7 @@ themes.view.Installer = themes.view.Appearance.extend({
|
||||||
// Save the user's WordPress.org username and get his favorite themes.
|
// Save the user's WordPress.org username and get his favorite themes.
|
||||||
saveUsername: function ( event ) {
|
saveUsername: function ( event ) {
|
||||||
var username = $( '#wporg-username-input' ).val(),
|
var username = $( '#wporg-username-input' ).val(),
|
||||||
|
nonce = $( '#wporg-username-nonce' ).val(),
|
||||||
request = { browse: 'favorites', user: username },
|
request = { browse: 'favorites', user: username },
|
||||||
that = this;
|
that = this;
|
||||||
|
|
||||||
|
@ -1562,6 +1563,7 @@ themes.view.Installer = themes.view.Appearance.extend({
|
||||||
|
|
||||||
return wp.ajax.send( 'save-wporg-username', {
|
return wp.ajax.send( 'save-wporg-username', {
|
||||||
data: {
|
data: {
|
||||||
|
_wpnonce: nonce,
|
||||||
username: username
|
username: username
|
||||||
},
|
},
|
||||||
success: function () {
|
success: function () {
|
||||||
|
|
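Review bot: `nonce = $( '#wporg-username-nonce' ).val()` in the first hunk yields undefined when the hidden input is not on the page, and the request in the second hunk is still sent with `_wpnonce: undefined`; the server-side check_ajax_referer then ends the request, which only reaches the user if the `wp.ajax.send` call has an `error:` handler outside the hunk. Either add that handler so a rejected nonce is reported rather than silently dropped, or document next to the `nonce` declaration that the markup in theme-install.php is required for this path to work. saveUsername continues outside both hunks.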
|
@ -156,13 +156,19 @@ include(ABSPATH . 'wp-admin/admin-header.php');
|
||||||
|
|
||||||
<div class="favorites-form">
|
<div class="favorites-form">
|
||||||
<?php
|
<?php
|
||||||
$user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
|
$action = 'save_wporg_username_' . get_current_user_id();
|
||||||
update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
|
if ( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), $action ) ) {
|
||||||
|
$user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
|
||||||
|
update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
|
||||||
|
} else {
|
||||||
|
$user = get_user_option( 'wporg_favorites' );
|
||||||
|
}
|
||||||
?>
|
?>
|
||||||
<p class="install-help"><?php _e( 'If you have marked themes as favorites on WordPress.org, you can browse them here.' ); ?></p>
|
<p class="install-help"><?php _e( 'If you have marked themes as favorites on WordPress.org, you can browse them here.' ); ?></p>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
<label for="wporg-username-input"><?php _e( 'Your WordPress.org username:' ); ?></label>
|
<label for="wporg-username-input"><?php _e( 'Your WordPress.org username:' ); ?></label>
|
||||||
|
<input type="hidden" id="wporg-username-nonce" name="_wpnonce" value="<?php echo esc_attr( wp_create_nonce( $action ) ); ?>" />
|
||||||
<input type="search" id="wporg-username-input" value="<?php echo esc_attr( $user ); ?>" />
|
<input type="search" id="wporg-username-input" value="<?php echo esc_attr( $user ); ?>" />
|
||||||
<input type="button" class="button button-secondary favorites-form-submit" value="<?php esc_attr_e( 'Get Favorites' ); ?>" />
|
<input type="button" class="button button-secondary favorites-form-submit" value="<?php esc_attr_e( 'Get Favorites' ); ?>" />
|
||||||
</p>
|
</p>
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '4.5-RC1-37143';
|
$wp_version = '4.5-RC1-37145';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|