Changeset 487730


Timestamp:
01/10/12 19:21:15 (2 years ago)
Author:
josephscott
Message:

Add a nonce check to the comment author URL remove and undo (re-add) feature

Fixes #1453

Location:
akismet/trunk
Files:
2 edited

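--- a/akismet/trunk/admin.php
+++ b/akismet/trunk/admin.php
@@ -45,4 +45,7 @@
         wp_register_script( 'akismet.js', AKISMET_PLUGIN_URL . 'akismet.js', array('jquery'), '2.5.4.6' );
         wp_enqueue_script( 'akismet.js' );
+        wp_localize_script( 'akismet.js', 'WPAkismet', array(
+            'comment_author_url_nonce' => wp_create_nonce( 'comment_author_url_nonce' )
+        ) );
     }
 }
@@ -709,5 +712,5 @@
 // Adds an 'x' link next to author URLs, clicking will remove the author URL and show an undo link
 function akismet_remove_comment_author_url() {
-    if (!empty($_POST['id'])) {
+    if ( !empty($_POST['id'] ) && check_admin_referer( 'comment_author_url_nonce' ) ) {
         global $wpdb;
         $comment = get_comment( intval($_POST['id']), ARRAY_A );
@@ -724,5 +727,5 @@
 
 function akismet_add_comment_author_url() {
-    if (!empty($_POST['id']) && !empty($_POST['url'])) {
+    if ( !empty( $_POST['id'] ) && !empty( $_POST['url'] ) && check_admin_referer( 'comment_author_url_nonce' ) ) {
         global $wpdb;
         $comment = get_comment( intval($_POST['id']), ARRAY_A );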
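Review bot: The nonce verification added to the `if` guards of akismet_remove_comment_author_url and akismet_add_comment_author_url is not an authorization check: it proves the request came from a page that was handed the nonce, but nothing in the hunk verifies that the caller may edit the targeted comment before the handler goes on to `global $wpdb` and `get_comment( intval($_POST['id']), ARRAY_A )`, so any user who can obtain the nonce can aim the request at any comment id. I would pair it with a capability check, e.g. `if ( !empty( $_POST['id'] ) && check_admin_referer( 'comment_author_url_nonce' ) && current_user_can( 'edit_comment', intval( $_POST['id'] ) ) ) {` (and the same in the re-add handler). Since the JavaScript side posts these with an `action` field, these appear to be admin-ajax handlers, where `check_ajax_referer( 'comment_author_url_nonce' )` is the better fit: on failure `check_admin_referer()` renders the HTML "Are you sure?" page into the XHR response, whereas `check_ajax_referer()` dies with `-1`. Both function bodies continue past the end of the hunk, so how `$_POST['url']` is sanitized before being written cannot be judged from here.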
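--- a/akismet/trunk/akismet.js
+++ b/akismet/trunk/akismet.js
@@ -22,4 +22,5 @@
         var data = {
             action: 'comment_author_deurl',
+            _wpnonce: WPAkismet.comment_author_url_nonce,
             id: thisId
         };
@@ -49,4 +50,5 @@
         var data = {
             action: 'comment_author_reurl',
+            _wpnonce: WPAkismet.comment_author_url_nonce,
             id: thisId,
             url: thisUrl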