Changeset 3814 for branches/plugin/bbp-admin/bbp-topics.php

Timestamp:

03/19/2012 07:31:01 PM (13 years ago)

Author:

johnjamesjacoby

Message:

Add nonces to admin area metabox saves, to avoid accidentally running save routines.

File:

• branches/plugin/bbp-admin/bbp-topics.php (modified) (2 diffs)

branches/plugin/bbp-admin/bbp-topics.php

@@ -291 +291 @@
      */
     function attributes_metabox_save( $topic_id ) {
-
+        
         // Bail if doing an autosave
         if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE )
@@ -300 +300 @@
             return $topic_id;
 
+        // Nonce check
+        if ( empty( $_POST['bbp_topic_metabox'] ) || !wp_verify_nonce( $_POST['bbp_topic_metabox'], 'bbp_topic_metabox_save' ) )
+            return $topic_id;
+
         // Bail if post_type is not a topic
         if ( get_post_type( $topic_id ) != $this->post_type )
-            return;
+            return $topic_id;
 
         // Bail if current user cannot edit this topic