IntenseWebs/WordPress
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add Nonce to updating wporg_favorites user meta field

Browse Source 
Built from https://develop.svn.wordpress.org/trunk@37145


git-svn-id: http://core.svn.wordpress.org/trunk@37112 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Aaron Jorbin
2016-03-30 18:36:26 +00:00
parent 9b7a775413
commit bd7ffca854
7 changed files with 27 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
wp-admin/includes/ajax-actions.php
View File

@@ -2759,14 +2759,14 @@ function wp_ajax_get_revision_diffs() {
require ABSPATH . 'wp-admin/includes/revision.php';
if ( ! $post = get_post( (int) $_REQUEST['post_id'] ) )
wp_send_json_error();
wp_send_json_error(111);
if ( ! current_user_can( 'read_post', $post->ID ) )
wp_send_json_error();
wp_send_json_error(222);
// Really just pre-loading the cache here.
if ( ! $revisions = wp_get_post_revisions( $post->ID, array( 'check_enabled' => false ) ) )
wp_send_json_error();
wp_send_json_error(333);
$return = array();
@set_time_limit( 0 );
@@ -3317,6 +3317,8 @@ function wp_ajax_save_wporg_username() {
wp_send_json_error();
}
check_ajax_referer( 'save_wporg_username_' . get_current_user_id() );
$username = isset( $_REQUEST['username'] ) ? wp_unslash( $_REQUEST['username'] ) : false;
if ( ! $username ) {