sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Nonces are already per-user. see #22862.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@26793 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin 2013-12-08 07:05:01 +00:00
parent 0d855b67e1
commit 4ac6742af9
2 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/wp-admin/includes/ajax-actions.php
View File

@ -2249,9 +2249,7 @@ function wp_ajax_get_revision_diffs() {
function wp_ajax_save_user_color_scheme() { function wp_ajax_save_user_color_scheme() {
global $_wp_admin_css_colors; global $_wp_admin_css_colors;
$user_id = get_current_user_id(); check_ajax_referer( 'save-color-scheme', 'nonce' );
check_ajax_referer( 'save-color-scheme_' . $user_id, 'nonce' );
$color_scheme = sanitize_key( $_POST['color_scheme'] ); $color_scheme = sanitize_key( $_POST['color_scheme'] );
@ -2259,6 +2257,6 @@ function wp_ajax_save_user_color_scheme() {
wp_send_json_error(); wp_send_json_error();
} }
update_user_meta( $user_id, 'admin_color', $color_scheme ); update_user_meta( get_current_user_id(), 'admin_color', $color_scheme );
wp_send_json_success(); wp_send_json_success();
} }

6
src/wp-admin/includes/misc.php
View File

@ -562,7 +562,7 @@ function saveDomDocument($doc, $filename) {
* @since 3.0.0 * @since 3.0.0
*/ */
function admin_color_scheme_picker() { function admin_color_scheme_picker() {
global $_wp_admin_css_colors, $user_id; global $_wp_admin_css_colors;
ksort( $_wp_admin_css_colors ); ksort( $_wp_admin_css_colors );
@ -571,7 +571,7 @@ function admin_color_scheme_picker() {
$_wp_admin_css_colors = array_merge( array( 'fresh' => '', 'light' => '' ), $_wp_admin_css_colors ); $_wp_admin_css_colors = array_merge( array( 'fresh' => '', 'light' => '' ), $_wp_admin_css_colors );
} }
$current_color = get_user_option( 'admin_color', $user_id ); $current_color = get_user_option( 'admin_color' );
if ( empty( $current_color ) || ! isset( $_wp_admin_css_colors[ $current_color ] ) ) { if ( empty( $current_color ) || ! isset( $_wp_admin_css_colors[ $current_color ] ) ) {
$current_color = 'fresh'; $current_color = 'fresh';
@ -581,7 +581,7 @@ function admin_color_scheme_picker() {
<fieldset id="color-picker" class="scheme-list"> <fieldset id="color-picker" class="scheme-list">
<legend class="screen-reader-text"><span><?php _e( 'Admin Color Scheme' ); ?></span></legend> <legend class="screen-reader-text"><span><?php _e( 'Admin Color Scheme' ); ?></span></legend>
<?php <?php
wp_nonce_field( 'save-color-scheme_' . $user_id, 'color-nonce', false ); wp_nonce_field( 'save-color-scheme', 'color-nonce', false );
foreach ( $_wp_admin_css_colors as $color => $color_info ) : foreach ( $_wp_admin_css_colors as $color => $color_info ) :
?> ?>