
Changeset 799746


Timestamp:
11/06/13 10:36:23 (6 months ago)
Author:
donncha
Message:

Added a nonce to the ratings settings page to avoid CSRF problem on that page.

File:
1 edited

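--- a/polldaddy/trunk/polldaddy.php
+++ b/polldaddy/trunk/polldaddy.php
@@ -3675,4 +3675,5 @@
 
         if ( isset( $_POST[ 'pd_rating_action_type' ] ) ) {
+            check_admin_referer( 'action-rating_settings_' . $_POST[ 'pd_rating_action_type' ] );
 
             switch ( $_POST[ 'pd_rating_action_type' ]  ) {
@@ -3786,4 +3787,5 @@
             <form action="" method="post">
             <input type="hidden" name="pd_rating_action_type" value="<?php echo $report_type; ?>" />
+<?php wp_nonce_field( 'action-rating_settings_' . $report_type ); ?>
             <table class="form-table" style="width: normal;">
               <tbody><?php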
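Review bot: The hidden `pd_rating_action_type` field on the line above the new `wp_nonce_field()` call still prints `$report_type` unescaped, and that same value now also names the nonce action. Where `$report_type` is assigned is outside the hunk, so if the request can influence it, check it against the known report types and print it as `value="<?php echo esc_attr( $report_type ); ?>"`. In the first hunk, `check_admin_referer()` only proves the request came from this form and is not an authorization check; no `current_user_can()` test is visible before the `switch`, so confirm one exists earlier in the enclosing function, which starts and ends outside both hunks.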