Skip to content
Permalink
Browse files

Add nonce for widget accessibility mode.

Props vortfu.

See #23328.


Built from https://develop.svn.wordpress.org/trunk@39760


git-svn-id: http://core.svn.wordpress.org/trunk@39698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  • Loading branch information...
aaroncampbell committed Jan 11, 2017
1 parent 5eb452d commit 03e5c0314aeffe6b27f4b98fef842bf0fb00c733
Showing with 5 additions and 2 deletions.
  1. +2 −1 wp-admin/includes/class-wp-screen.php
  2. +2 −0 wp-admin/widgets.php
  3. +1 −1 wp-includes/version.php
@@ -915,7 +915,8 @@ public function show_screen_options() {
switch ( $this->base ) {
case 'widgets':
$this->_screen_settings = '<p><a id="access-on" href="widgets.php?widgets-access=on">' . __('Enable accessibility mode') . '</a><a id="access-off" href="widgets.php?widgets-access=off">' . __('Disable accessibility mode') . "</a></p>\n";
$nonce = wp_create_nonce( 'widgets-access' );
$this->_screen_settings = '<p><a id="access-on" href="widgets.php?widgets-access=on&_wpnonce=' . urlencode( $nonce ) . '">' . __('Enable accessibility mode') . '</a><a id="access-off" href="widgets.php?widgets-access=off&_wpnonce=' . urlencode( $nonce ) . '">' . __('Disable accessibility mode') . "</a></p>\n";
break;
case 'post' :
$expand = '<fieldset class="editor-expand hidden"><legend>' . __( 'Additional settings' ) . '</legend><label for="editor-expand-toggle">';
@@ -22,6 +22,8 @@
$widgets_access = get_user_setting( 'widgets_access' );
if ( isset($_GET['widgets-access']) ) {
check_admin_referer( 'widgets-access' );
$widgets_access = 'on' == $_GET['widgets-access'] ? 'on' : 'off';
set_user_setting( 'widgets_access', $widgets_access );
}
@@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.8-alpha-39759';
$wp_version = '4.8-alpha-39760';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.

0 comments on commit 03e5c03

Please sign in to comment.
You can’t perform that action at this time.