vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-04-03 20:24:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add Nonce to updating wporg_favorites user meta field

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@37145 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Aaron Jorbin
2016-03-30 18:35:37 +00:00
parent f1680acb86
commit bd0c3bf0c7
5 changed files with 25 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/wp-admin/theme-install.php
View File

@@ -156,13 +156,19 @@ include(ABSPATH . 'wp-admin/admin-header.php');
<div class="favorites-form">
<?php
$user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
$action = 'save_wporg_username_' . get_current_user_id();
if ( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), $action ) ) {
$user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
} else {
$user = get_user_option( 'wporg_favorites' );
}
?>
<p class="install-help"><?php _e( 'If you have marked themes as favorites on WordPress.org, you can browse them here.' ); ?></p>
<p>
<label for="wporg-username-input"><?php _e( 'Your WordPress.org username:' ); ?></label>
<input type="hidden" id="wporg-username-nonce" name="_wpnonce" value="<?php echo esc_attr( wp_create_nonce( $action ) ); ?>" />
<input type="search" id="wporg-username-input" value="<?php echo esc_attr( $user ); ?>" />
<input type="button" class="button button-secondary favorites-form-submit" value="<?php esc_attr_e( 'Get Favorites' ); ?>" />
</p>