Browse files

Namespace the dashboard widget nonce to avoid collisions with plugins.

git-svn-id: http://core.svn.wordpress.org/branches/3.4@23148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  • Loading branch information...
1 parent 1db09a2 commit b99ea12611fd056c397964b870554baaf4df958d @nacin nacin committed Dec 10, 2012
Showing with 2 additions and 2 deletions.
  1. +2 −2 wp-admin/includes/dashboard.php
View
4 wp-admin/includes/dashboard.php
@@ -131,7 +131,7 @@ function wp_dashboard_setup() {
}
if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['widget_id']) ) {
- check_admin_referer( 'edit-dashboard-widget_' . $_POST['widget_id'] );
+ check_admin_referer( 'edit-dashboard-widget_' . $_POST['widget_id'], 'dashboard-widget-nonce' );
ob_start(); // hack - but the same hack wp-admin/widgets.php uses
wp_dashboard_trigger_widget_control( $_POST['widget_id'] );
ob_end_clean();
@@ -183,7 +183,7 @@ function wp_add_dashboard_widget( $widget_id, $widget_name, $callback, $control_
function _wp_dashboard_control_callback( $dashboard, $meta_box ) {
echo '<form action="" method="post" class="dashboard-widget-control-form">';
wp_dashboard_trigger_widget_control( $meta_box['id'] );
- wp_nonce_field( 'edit-dashboard-widget_' . $meta_box['id'] );
+ wp_nonce_field( 'edit-dashboard-widget_' . $meta_box['id'], 'dashboard-widget-nonce' );
echo '<input type="hidden" name="widget_id" value="' . esc_attr($meta_box['id']) . '" />';
submit_button( __('Submit') );
echo '</form>';

0 comments on commit b99ea12

Please sign in to comment.