Add nonce for widget accessibility mode.
Props vortfu. See #23328. Merges [39765] to 3.7 branch. Built from https://develop.svn.wordpress.org/branches/3.7@39771 git-svn-id: http://core.svn.wordpress.org/branches/3.7@39709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
45af63e137
commit
bf3ac93baf
|
@ -901,7 +901,8 @@ final class WP_Screen {
|
|||
|
||||
switch ( $this->id ) {
|
||||
case 'widgets':
|
||||
$this->_screen_settings = '<p><a id="access-on" href="widgets.php?widgets-access=on">' . __('Enable accessibility mode') . '</a><a id="access-off" href="widgets.php?widgets-access=off">' . __('Disable accessibility mode') . "</a></p>\n";
|
||||
$nonce = wp_create_nonce( 'widgets-access' );
|
||||
$this->_screen_settings = '<p><a id="access-on" href="widgets.php?widgets-access=on&_wpnonce=' . urlencode( $nonce ) . '">' . __('Enable accessibility mode') . '</a><a id="access-off" href="widgets.php?widgets-access=off&_wpnonce=' . urlencode( $nonce ) . '">' . __('Disable accessibility mode') . "</a></p>\n";
|
||||
break;
|
||||
default:
|
||||
$this->_screen_settings = '';
|
||||
|
|
|
@ -17,6 +17,8 @@ if ( ! current_user_can('edit_theme_options') )
|
|||
|
||||
$widgets_access = get_user_setting( 'widgets_access' );
|
||||
if ( isset($_GET['widgets-access']) ) {
|
||||
check_admin_referer( 'widgets-access' );
|
||||
|
||||
$widgets_access = 'on' == $_GET['widgets-access'] ? 'on' : 'off';
|
||||
set_user_setting( 'widgets_access', $widgets_access );
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue