
Changeset 2750803


Timestamp:
07/01/2022 01:54:20 PM (4 years ago)
Author:
linkworth
Message:

added nonce

File:
1 edited

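--- a/linkworth-wp-plugin/trunk/lw_includes/LinkWorth_admin.php
+++ b/linkworth-wp-plugin/trunk/lw_includes/LinkWorth_admin.php
@@ -21,5 +21,5 @@
 
     //UPDATE DEALS
-    if( isset( $_POST['lw_update_deal_list'] ) )
+    if( isset( $_POST['lw_update_deal_list'] ) && wp_verify_nonce($_POST['update_general_settings_field'], 'update_general_settings_action') )
     {
         update_option( 'lw_cache_time', 0 );
@@ -32,5 +32,5 @@
 
     //DELETE SETTINGS
-    if( isset( $_POST['lw_delete_settings'] ) )
+    if( isset( $_POST['lw_delete_settings'] ) && wp_verify_nonce($_POST['update_advanced_options_field'], 'update_advanced_options_action') )
     {
         delete_option('lw_linkintxts');
@@ -46,5 +46,5 @@
         $billboard_base = 'pages';
     }
-    elseif( isset( $_POST['lw_update_settings'] ) )
+    elseif( isset( $_POST['lw_update_settings'] ) && wp_verify_nonce($_POST['update_advanced_options_field'], 'update_advanced_options_action') )
     {
         //PROCESS POST BEFOR UPDATING
@@ -426,5 +426,5 @@
         <p style="display:inline-block; margin-top:0;"><small><em>(Overview of published adverts.)</em></small></p>
         <p>Information listed here has been generated based on the lists of approved ads in your LinkWorth account on our servers.</p>
-       
+
         <table cellspacing="0" cellpadding="0" class="widefat">
             <thead>
@@ -618,4 +618,5 @@
                 </tr>
             </table>
+            <?php wp_nonce_field( 'update_general_settings_action', 'update_general_settings_field' ); ?>
             </form>
         </fieldset>
@@ -663,5 +664,5 @@
         <div id="message" class="updated fade">
             <p style="font-weight:bold;">
-                Your theme has <?php echo $loop_count ?> loop. 
+                Your theme has <?php echo $loop_count ?> loop.
                 If you do not have a static page as your home page, your theme could be using more then one instance of 'The Loop.'
                 The number of loops could be higher then <?php echo $loop_count ?>.
@@ -770,4 +771,5 @@
 
             <input type="hidden" name="updating_advanced_options" value="1" />
+            <?php wp_nonce_field( 'update_advanced_options_action', 'update_advanced_options_field' ); ?>
             </form>
         </fieldset>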
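Review bot: The three new `wp_verify_nonce()` calls (new lines 23, 34 and 48) index `$_POST['update_general_settings_field']` and `$_POST['update_advanced_options_field']` without checking that the key is present, so a POST that lacks the field raises an undefined-index notice before the check fails, and the raw value is passed without `wp_unslash()` or sanitizing. A nonce also only protects against CSRF; no `current_user_can()` test is visible in these hunks, and the enclosing function starts outside them, so confirm one guards the option writes and the `delete_option()` branch. I would write each condition as `if ( isset( $_POST['lw_delete_settings'], $_POST['update_advanced_options_field'] ) && current_user_can( 'manage_options' ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['update_advanced_options_field'] ) ), 'update_advanced_options_action' ) )`, using whichever capability the settings page is registered with. A failed nonce currently falls through silently to the next branch; `check_admin_referer( 'update_advanced_options_action', 'update_advanced_options_field' )` inside the branch would stop the request instead. It is also worth confirming that the `lw_update_deal_list` and `lw_delete_settings` submit buttons sit inside the two forms that received `wp_nonce_field()`, since those forms are only partly visible here.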