From f1680acb865c1bf6cde1dbe9d46461e6adc4a43a Mon Sep 17 00:00:00 2001
From: Nikolay Bachiyski
Date: Wed, 30 Mar 2016 18:20:31 +0000
Subject: [PATCH] Add nonce to AJAX action for script compression setting

git-svn-id: https://develop.svn.wordpress.org/trunk@37143 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/includes/ajax-actions.php | 2 ++
 src/wp-admin/includes/template.php | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/wp-admin/includes/ajax-actions.php b/src/wp-admin/includes/ajax-actions.php
index d8b74561bb..a6334cb69f 100644
--- a/src/wp-admin/includes/ajax-actions.php
+++ b/src/wp-admin/includes/ajax-actions.php
@@ -197,8 +197,10 @@ function wp_ajax_wp_compression_test() {
 echo $out;
 wp_die();
 } elseif ( 'no' == $_GET['test'] ) {
+ check_ajax_referer( 'update_can_compress_scripts' );
 update_site_option('can_compress_scripts', 0);
 } elseif ( 'yes' == $_GET['test'] ) {
+ check_ajax_referer( 'update_can_compress_scripts' );
 update_site_option('can_compress_scripts', 1);
 }
 }
diff --git a/src/wp-admin/includes/template.php b/src/wp-admin/includes/template.php
index bc103faa71..5138fd204c 100644
--- a/src/wp-admin/includes/template.php
+++ b/src/wp-admin/includes/template.php
@@ -1789,6 +1789,7 @@ function _media_states( $post ) {
 function compression_test() {
 ?>
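Review bot: The two added `check_ajax_referer( 'update_can_compress_scripts' )` calls in the `'no'` and `'yes'` branches cover request forgery only; a nonce is not an authorization check, and the hunk does not show whether `wp_ajax_wp_compression_test()` tests a capability before these `update_site_option()` writes. The function begins above the hunk, so that needs confirming there. The earlier branch ending in `echo $out; wp_die();` is left without a nonce check, presumably because it only emits test data. A short comment above the first check would record that intent, for example `// Nonce is required only for the branches that write can_compress_scripts.` Both writes are still selected by `$_GET['test']`, so the nonce travels in the query string and may appear in access logs; if the caller can be changed, sending it in a POST body would keep it out of URLs.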