vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-06-28 22:30:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Theme Editior: Base the nonce on a simpler combination of fields, for easier debugging & reading.

Browse Source 
See #42609.
Fixes #42705.


git-svn-id: https://develop.svn.wordpress.org/trunk@42246 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Dion Hulse
2017-11-27 03:43:11 +00:00
parent 6e0ba7864f
commit 44c75415b3
2 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/wp-admin/theme-editor.php
View File

@@ -114,7 +114,7 @@ if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
$r = wp_edit_theme_plugin_file( wp_unslash( $_POST ) );
if ( is_wp_error( $r ) ) {
$edit_error = $r;
if ( check_ajax_referer( 'edit-theme_' . $file . $stylesheet, 'nonce', false ) && isset( $_POST['newcontent'] ) ) {
if ( check_ajax_referer( 'edit-theme_' . $stylesheet . '_' . $relative_file, 'nonce', false ) && isset( $_POST['newcontent'] ) ) {
$posted_content = wp_unslash( $_POST['newcontent'] );
}
} else {
@@ -255,7 +255,7 @@ if ( $theme->errors() )
echo '<div class="error"><p>' . __('Oops, no such file exists! Double check the name and try again, merci.') . '</p></div>';
else : ?>
<form name="template" id="template" action="theme-editor.php" method="post">
<?php wp_nonce_field( 'edit-theme_' . $file . $stylesheet, 'nonce' ); ?>
<?php wp_nonce_field( 'edit-theme_' . $stylesheet . '_' . $relative_file, 'nonce' ); ?>
<div>
<label for="newcontent" id="theme-plugin-editor-label"><?php _e( 'Selected file content:' ); ?></label>
<textarea cols="70" rows="30" name="newcontent" id="newcontent" aria-describedby="editor-keyboard-trap-help-1 editor-keyboard-trap-help-2 editor-keyboard-trap-help-3 editor-keyboard-trap-help-4"><?php echo $content; ?></textarea>