From bd0c3bf0c7524670f2e118a4fbbd29fe796c440e Mon Sep 17 00:00:00 2001
From: Aaron Jorbin
Date: Wed, 30 Mar 2016 18:35:37 +0000
Subject: [PATCH] Add Nonce to updating wporg_favorites user meta field
git-svn-id: https://develop.svn.wordpress.org/trunk@37145 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/includes/ajax-actions.php | 8 +++++---
 .../includes/class-wp-plugin-install-list-table.php | 9 +++++++--
 src/wp-admin/includes/plugin-install.php | 4 +++-
 src/wp-admin/js/theme.js | 2 ++
 src/wp-admin/theme-install.php | 10 ++++++++--
 5 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/src/wp-admin/includes/ajax-actions.php b/src/wp-admin/includes/ajax-actions.php
index a6334cb69f..91372a34c4 100644
--- a/src/wp-admin/includes/ajax-actions.php
+++ b/src/wp-admin/includes/ajax-actions.php
@@ -2759,14 +2759,14 @@ function wp_ajax_get_revision_diffs() {
 require ABSPATH . 'wp-admin/includes/revision.php';
 if ( ! $post = get_post( (int) $_REQUEST['post_id'] ) )
- wp_send_json_error();
+ wp_send_json_error(111);
 if ( ! current_user_can( 'read_post', $post->ID ) )
- wp_send_json_error();
+ wp_send_json_error(222);
 // Really just pre-loading the cache here.
 if ( ! $revisions = wp_get_post_revisions( $post->ID, array( 'check_enabled' => false ) ) )
- wp_send_json_error();
+ wp_send_json_error(333);
 $return = array();
 @set_time_limit( 0 );
@@ -3317,6 +3317,8 @@ function wp_ajax_save_wporg_username() {
 wp_send_json_error();
 }
+ check_ajax_referer( 'save_wporg_username_' . get_current_user_id() );
+
 $username = isset( $_REQUEST['username'] ) ? wp_unslash( $_REQUEST['username'] ) : false;
 if ( ! $username ) {
diff --git a/src/wp-admin/includes/class-wp-plugin-install-list-table.php b/src/wp-admin/includes/class-wp-plugin-install-list-table.php
index cdd0c6e021..26c8a0a21b 100644
--- a/src/wp-admin/includes/class-wp-plugin-install-list-table.php
+++ b/src/wp-admin/includes/class-wp-plugin-install-list-table.php
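Review bot: The three `wp_send_json_error(111)`, `wp_send_json_error(222)` and `wp_send_json_error(333)` calls in wp_ajax_get_revision_diffs() look like leftover debugging values rather than part of the nonce change the subject line describes, and they now ship a numeric `data` field to the client where the old calls returned only `success: false`. Because the missing-post path (111) and the `read_post` denial (222) are now distinguishable, a logged-in user can probe `post_id` values and learn which posts exist even when they are not allowed to read them, which the previous uniform response did not reveal. Unless a client is known to depend on these codes, restore `wp_send_json_error();` in all three places, or at least return the same code for the two pre-authorization failures. The function body continues past the end of the hunk.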
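Review bot: The nonce action `'save_wporg_username_' . get_current_user_id()` added to wp_ajax_save_wporg_username() is built inline and the same literal is repeated in the list table and in install_plugins_favorites_form(), so the three copies can drift apart and silently break verification; a single shared helper or constant for the action name would keep the creator and both verifiers in sync. The `get_current_user_id()` suffix also appears redundant, since WordPress nonces are already scoped to the current user and session, though it is harmless. Separately, `$username` is taken from `$_REQUEST` with only wp_unslash(); if the remainder of the function (outside this hunk) persists it in user meta, pass it through `sanitize_user()` first so an arbitrary string is not stored and later forwarded to the plugin API.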
@@ -170,8 +170,13 @@ class WP_Plugin_Install_List_Table extends WP_List_Table {
 break;
 case 'favorites':
- $user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
- update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
+ $action = 'save_wporg_username_' . get_current_user_id();
+ if ( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), $action ) ) {
+ $user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
+ update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
+ } else {
+ $user = get_user_option( 'wporg_favorites' );
+ }
 if ( $user )
 $args['user'] = $user;
 else
diff --git a/src/wp-admin/includes/plugin-install.php b/src/wp-admin/includes/plugin-install.php
index 66c211155c..8b4005aca1 100644
--- a/src/wp-admin/includes/plugin-install.php
+++ b/src/wp-admin/includes/plugin-install.php
@@ -300,7 +300,8 @@ function install_plugins_upload() {
 *
 */
 function install_plugins_favorites_form() {
- $user = ! empty( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
+ $user = get_user_option( 'wporg_favorites' );
+ $action = 'save_wporg_username_' . get_current_user_id();
 ?>
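Review bot: Inside the verified-nonce branch of the `'favorites'` case, `$_GET['user']` is only wp_unslash()ed before `update_user_meta( get_current_user_id(), 'wporg_favorites', $user )` and is then handed on as `$args['user']`, so any string the user submits is persisted and forwarded unchanged; use `sanitize_user( wp_unslash( $_GET['user'] ) )` (or at least sanitize_text_field()) before storing it. The nonce check itself is correctly gated on `isset( $_GET['_wpnonce'] )`, but a request carrying an invalid or expired nonce now silently falls back to the stored value, so the user sees their previous favorites with no hint that the submitted name was dropped — consider an admin notice for that case. The enclosing method starts and ends outside the hunk.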

@@ -309,6 +310,7 @@ function install_plugins_favorites_form() { +

+