Changeset 1032 for trunk/bp-core/bp-core-avatars.php

Timestamp:

02/09/2009 06:52:51 AM (17 years ago)

Author:

apeatling

Message:

Added nonce security checks to all BuddyPress actions. Fixes #454

File:

• trunk/bp-core/bp-core-avatars.php (modified) (1 diff)

trunk/bp-core/bp-core-avatars.php

@@ -108 +108 @@
             echo '<span class="crop-img avatar">' . bp_core_get_avatar(get_current_user_id(), 1) . '</span>';
             echo '<span class="crop-img avatar">' . bp_core_get_avatar(get_current_user_id(), 2) . '</span>';
-            echo '<a href="' .  $delete_action . '">' . __( 'Delete', 'buddypress' ) . '</a>';
+            echo '<a href="' .  wp_nonce_url( $delete_action, 'bp_delete_avatar_link' ) . '">' . __( 'Delete', 'buddypress' ) . '</a>';
         }