Add nonce to menu-locations-save. Props koopersmith. see #13378

git-svn-id: https://develop.svn.wordpress.org/trunk@14725 602fd350-edb4-49c9-b593-d223f7449a82
2010-05-18 15:16:58 +00:00 · 2010-05-18 15:16:58 +00:00 · bc086f5cad
parent 51518f24be
commit bc086f5cad
4 changed files with 15 additions and 4 deletions
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@ -1106,6 +1106,7 @@ case 'menu-quick-search':
 case 'menu-locations-save':
 	if ( ! current_user_can( 'edit_theme_options' ) )
 		die('-1');
 	check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
 	if ( ! isset( $_POST['menu-locations' ] ) )
 		die('0');
 	set_theme_mod( 'nav_menu_locations', $_POST['menu-locations'] );
--- a/wp-admin/js/nav-menu.dev.js
+++ b/wp-admin/js/nav-menu.dev.js
@ -34,6 +34,7 @@ var wpNavMenu;
 			this.setupInputWithDefaultTitle();
 			this.attachAddMenuItemListeners();
 			this.attachQuickSearchListeners();
 			this.attachThemeLocationsListeners();
 			this.attachTabsPanelListeners();
@ -329,7 +330,7 @@ var wpNavMenu;
 		},
 		attachAddMenuItemListeners : function() {
-			var form = $('#nav-menu-meta'), loc = form.find('#nav-menu-theme-locations');
+			var form = $('#nav-menu-meta');
 			form.find('.add-to-menu input').click(function(){
 				$(this).trigger('wp-add-menu-item', [api.addMenuItemToBottom]);
@ -341,9 +342,18 @@ var wpNavMenu;
 			form.find('.posttypediv, .taxonomydiv').bind('wp-add-menu-item', function(e, processMethod) {
 				$(this).addSelectedToMenu( processMethod );
 			});
 		},
 		attachThemeLocationsListeners : function() {
 			var loc = $('#nav-menu-theme-locations'),
 			params = {
 				'action': 'menu-locations-save',
 				'menu-locations': loc.find('select').serialize(),
 				'menu-settings-column-nonce': $('#menu-settings-column-nonce').val()
 			};
 			loc.find('input[type=submit]').click(function() {
 				loc.find('.waiting').show();
-				$.post( ajaxurl, loc.find('select').serialize() + '&action=menu-locations-save', function(r) {
+				$.post( ajaxurl, params, function(r) {
 					loc.find('.waiting').hide();
 				});
 				return false;
--- a/wp-admin/js/nav-menu.js
+++ b/wp-admin/js/nav-menu.js
--- a/wp-includes/script-loader.php
+++ b/wp-includes/script-loader.php
@ -387,7 +387,7 @@ function wp_default_scripts( &$scripts ) {
 		) );
 		// Custom Navigation
-		$scripts->add( 'nav-menu', "/wp-admin/js/nav-menu$suffix.js", false, '20100517' );
+		$scripts->add( 'nav-menu', "/wp-admin/js/nav-menu$suffix.js", false, '20100518' );
 		$scripts->localize( 'nav-menu', 'navMenuL10n', array(
 			'home' => _x('Home', 'nav menu home label'),
 			'homeurl' => home_url('/'),