Changeset 11869

Timestamp:

02/28/2018 07:25:26 PM (8 years ago)

Author:

dcavins

Message:

Notices Admin List: Add create-specific nonce.

Add a nonce and nonce check that applies only to the creation of new notices.

File:

• trunk/src/bp-messages/classes/class-bp-messages-notices-admin.php (modified) (2 diffs)

trunk/src/bp-messages/classes/class-bp-messages-notices-admin.php

@@ -116 +116 @@
     public function admin_load() {
         if ( ! empty( $_POST['bp_notice']['send'] ) ) {
+
+            check_admin_referer( 'new-notice', 'ns-nonce' );
+
             $notice = wp_parse_args( $_POST['bp_notice'], array(
                 'subject' => '',
@@ -162 +165 @@
             <?php endif; ?>
 
-            <form action=<?php echo esc_url( $this->url ); ?> method="post">
+            <form action=<?php echo esc_url( wp_nonce_url( $this->url, 'new-notice', 'ns-nonce' ) ); ?> method="post">
                 <table class="widefat">
                     <tr>