Namespace the dashboard widget nonce to avoid collisions with plugins.
git-svn-id: https://develop.svn.wordpress.org/trunk@22964 602fd350-edb4-49c9-b593-d223f7449a82
parent
511cb0ec93
commit
efe3a45b76
@ -131,7 +131,7 @@ function wp_dashboard_setup() {
|
||||
}
|
||||
|
||||
if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['widget_id']) ) {
|
||||
check_admin_referer( 'edit-dashboard-widget_' . $_POST['widget_id'] );
|
||||
check_admin_referer( 'edit-dashboard-widget_' . $_POST['widget_id'], 'dashboard-widget-nonce' );
|
||||
ob_start(); // hack - but the same hack wp-admin/widgets.php uses
|
||||
wp_dashboard_trigger_widget_control( $_POST['widget_id'] );
|
||||
ob_end_clean();
|
||||
@ -183,7 +183,7 @@ function wp_add_dashboard_widget( $widget_id, $widget_name, $callback, $control_
|
||||
function _wp_dashboard_control_callback( $dashboard, $meta_box ) {
|
||||
echo '<form action="" method="post" class="dashboard-widget-control-form">';
|
||||
wp_dashboard_trigger_widget_control( $meta_box['id'] );
|
||||
wp_nonce_field( 'edit-dashboard-widget_' . $meta_box['id'] );
|
||||
wp_nonce_field( 'edit-dashboard-widget_' . $meta_box['id'], 'dashboard-widget-nonce' );
|
||||
echo '<input type="hidden" name="widget_id" value="' . esc_attr($meta_box['id']) . '" />';
|
||||
submit_button( __('Submit') );
|
||||
echo '</form>';
|
||||
|
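Review bot: The nonce verified in the POST branch of wp_dashboard_setup() is CSRF protection only, not authorization, and neither hunk shows a capability check before `wp_dashboard_trigger_widget_control( $_POST['widget_id'] )` runs. Both wp_dashboard_setup() and _wp_dashboard_control_callback() continue outside the visible lines, so please confirm that a `current_user_can()` check guards the handler or the registration of control callbacks. The field name `'dashboard-widget-nonce'` is now a literal repeated at the verify site and the emit site; a mismatch fails closed, but every widget-control submission would then be rejected. A short comment at each site would keep them in sync, e.g. `// Nonce field name must match the one passed to wp_nonce_field() in _wp_dashboard_control_callback().` Separately, `$_POST['widget_id']` is concatenated into the nonce action without confirming it is a string; an `is_string( $_POST['widget_id'] )` guard in the `if` condition would reject array input before it reaches the concatenation.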