
Press This: Verify intent before fetching in-page resources using Press This.

Props vortfu

Built from https://develop.svn.wordpress.org/trunk@40195


git-svn-id: http://core.svn.wordpress.org/trunk@40134 1a063a9b-81f0-0310-95a4-ce76da25c4cd
johnbillion committed Mar 6, 2017
1 parent 288cd46 commit 263831a72d08556bc2f3a328673d95301a152829
Showing with 9 additions and 4 deletions.
  1. +8 −3 wp-admin/includes/class-wp-press-this.php
  2. +1 −1 wp-includes/version.php
@@ -718,7 +718,11 @@ public function merge_or_fetch_data() {
* making PT fully backward compatible with the older bookmarklet.
*/
if ( empty( $_POST ) && ! empty( $data['u'] ) ) {
$data = $this->source_data_fetch_fallback( $data['u'], $data );
if ( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( $_GET['_wpnonce'], 'scan-site' ) ) {
$data = $this->source_data_fetch_fallback( $data['u'], $data );
} else {
$data['errors'] = 'missing nonce';
}
} else {
foreach ( array( '_images', '_embeds' ) as $type ) {
if ( empty( $_POST[ $type ] ) ) {
@@ -1235,7 +1239,7 @@ public function html() {
$site_data = array(
'v' => ! empty( $data['v'] ) ? $data['v'] : '',
'u' => ! empty( $data['u'] ) ? $data['u'] : '',
'hasData' => ! empty( $data ),
'hasData' => ! empty( $data ) && ! isset( $data['errors'] ),
);
if ( ! empty( $images ) ) {
@@ -1367,8 +1371,9 @@ public function html() {
<div id="scanbar" class="scan">
<form method="GET">
<label for="url-scan" class="screen-reader-text"><?php _e( 'Scan site for content' ); ?></label>
<input type="url" name="u" id="url-scan" class="scan-url" value="" placeholder="<?php esc_attr_e( 'Enter a URL to scan' ) ?>" />
<input type="url" name="u" id="url-scan" class="scan-url" value="<?php echo esc_attr( $site_data['u'] ) ?>" placeholder="<?php esc_attr_e( 'Enter a URL to scan' ) ?>" />
<input type="submit" name="url-scan-submit" id="url-scan-submit" class="scan-submit" value="<?php esc_attr_e( 'Scan' ) ?>" />
<?php wp_nonce_field( 'scan-site' ); ?>
</form>
</div>
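Review bot: The nonce added by `wp_nonce_field( 'scan-site' )` sits inside a `<form method="GET">`, so `_wpnonce` and the `_wp_http_referer` field that `wp_nonce_field()` emits by default both end up in the query string, where they can persist in browser history and server logs and may be sent in Referer headers if the resulting page loads third-party resources. Since the check in `merge_or_fetch_data()` reads only `$_GET['_wpnonce']`, passing `false` as the third argument, `wp_nonce_field( 'scan-site', '_wpnonce', false );`, would at least keep the referer value out of the URL. In that check, `$data['errors'] = 'missing nonce';` is also set when a nonce is present but fails verification, and the string is not passed through a translation function; a translatable message covering both cases would be more accurate if it is ever shown to the user. Both `merge_or_fetch_data()` and `html()` extend beyond the visible hunks, so how `errors` is consumed and whether the POST branch has its own intent check cannot be confirmed from here.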

@@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.8-alpha-40183';
$wp_version = '4.8-alpha-40195';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
