Plugin Directory

Changeset 692721


Timestamp:
04/06/2013 02:11:54 PM (12 years ago)
Author:
redwallhp
Message:

Added nonce to the Add/Edit page to prevent potential CSRF vulnerability.

File:
1 edited

  • wp125/trunk/adminmenus.php

    r679459 r692721  
    120120
    121121<?php
    122 if ($_POST['Submit']) {
     122if ( $_POST['Submit'] && wp_verify_nonce($_POST['nonce_wp125_addedit'],'wp125_addedit') ) {
    123123$post_editedad = $wpdb->escape($_POST['editedad']);
    124124$post_adname = $wpdb->escape($_POST['adname']);
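Review bot: On new line 122, `$_POST['nonce_wp125_addedit']` is indexed without an `isset()` check, and a failed `wp_verify_nonce()` only skips the block, so a rejected submission falls through as if no form had been posted and the user gets no indication that nothing was saved. Consider calling `check_admin_referer('wp125_addedit', 'nonce_wp125_addedit');` as the first statement inside `if ( isset($_POST['Submit']) )`, which stops the request when the nonce is missing or invalid. The nonce only ties the request to the form; no `current_user_can()` check is visible in this hunk, so confirm the handler enforces one elsewhere.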
     
    165165
    166166<form method="post" action="admin.php?page=wp125_addedit">
     167<?php wp_nonce_field('wp125_addedit', 'nonce_wp125_addedit'); ?>
    167168<table class="form-table">
    168169
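Review bot: The action passed to `wp_nonce_field()` on new line 167 is the fixed string `'wp125_addedit'`, so one nonce is valid both for adding an ad and for editing any existing ad. Since the handler reads `$_POST['editedad']`, consider appending the ad id to the action when the form is in edit mode, with the same string in the matching verification call, so each nonce is scoped to the record it was issued for.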