author | Jonathan Desrosiers <desrosj@git.wordpress.org> | 2020-10-29 18:06:18 +0000 |
---|---|---|
committer | Jonathan Desrosiers <desrosj@git.wordpress.org> | 2020-10-29 18:06:18 +0000 |
commit | cbcc595974d5aaa025ca55625bf68ef286bd8b41 (patch) | |
tree | 4def4fdd14c2448c17f3ae90ef1f923bc4611bdb /src | |
parent | d5ddd6d4be1bc9fd16b7796842e6fb26315705ad (diff) | |
download | wordpress-cbcc595974d5aaa025ca55625bf68ef286bd8b41.tar.gz wordpress-cbcc595974d5aaa025ca55625bf68ef286bd8b41.zip |
Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.
Props xknown, zieladam, peterwilsoncc, whyisjake.
Merges [49379] to trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@49388 602fd350-edb4-49c9-b593-d223f7449a82
Diffstat (limited to 'src')
-rw-r--r-- | src/js/_enqueues/admin/custom-background.js | 2 | ||||
-rw-r--r-- | src/js/_enqueues/deprecated/media-gallery.js | 4 | ||||
-rw-r--r-- | src/wp-admin/includes/class-custom-background.php | 2 |
3 files changed, 7 insertions, 1 deletions
diff --git a/src/js/_enqueues/admin/custom-background.js b/src/js/_enqueues/admin/custom-background.js
index a08fb96c47..7f57d8a9b4 100644
--- a/src/js/_enqueues/admin/custom-background.js
+++ b/src/js/_enqueues/admin/custom-background.js
@@ -126,11 +126,13 @@ frame.on( 'select', function() {
 // Grab the selected attachment.
 var attachment = frame.state().get('selection').first();
+ var nonceValue = $( '#_wpnonce' ).val() || '';
 // Run an Ajax request to set the background image.
 $.post( ajaxurl, {
 action: 'set-background-image',
 attachment_id: attachment.id,
+ _ajax_nonce: nonceValue,
 size: 'full'
 }).done( function() {
 // When the request completes, reload the window.
diff --git a/src/js/_enqueues/deprecated/media-gallery.js b/src/js/_enqueues/deprecated/media-gallery.js
index 7fe77a64ee..e96222c67a 100644
--- a/src/js/_enqueues/deprecated/media-gallery.js
+++ b/src/js/_enqueues/deprecated/media-gallery.js
@@ -11,7 +11,7 @@ jQuery(function($) {
 * Adds a click event handler to the element with a 'wp-gallery' class.
 */
 $( 'body' ).bind( 'click.wp-gallery', function(e) {
- var target = $( e.target ), id, img_size;
+ var target = $( e.target ), id, img_size, nonceValue;
 if ( target.hasClass( 'wp-set-header' ) ) {
 // Opens the image to preview it full size.
@@ -21,6 +21,7 @@ jQuery(function($) {
 // Sets the image as background of the theme.
 id = target.data( 'attachment-id' );
 img_size = $( 'input[name="attachments[' + id + '][image-size]"]:checked').val();
+ nonceValue = $( '#_wpnonce' ).val() && '';
 /**
 * This Ajax action has been deprecated since 3.5.0, see custom-background.php
@@ -28,6 +29,7 @@ jQuery(function($) {
 jQuery.post(ajaxurl, {
 action: 'set-background-image',
 attachment_id: id,
+ _ajax_nonce: nonceValue,
 size: img_size
 }, function() {
 var win = window.dialogArguments || opener || parent || top;
diff --git a/src/wp-admin/includes/class-custom-background.php b/src/wp-admin/includes/class-custom-background.php
index b62db4fb05..bc3c082bc3 100644
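Review bot: In the second hunk of media-gallery.js the added line `nonceValue = $( '#_wpnonce' ).val() && '';` can never carry the nonce: with `&&` the expression yields `''` whenever the field is non-empty and the empty/undefined value otherwise, so the `_ajax_nonce` posted in the third hunk is always blank and the `check_ajax_referer( 'custom-background' )` added to class-custom-background.php in this same commit will reject every request from the deprecated gallery path. This fails closed rather than open, but it leaves the feature unusable for the legitimate privileged user the commit is trying to protect. The operator should be `||`, matching the line added to custom-background.js in the first hunk: `nonceValue = $( '#_wpnonce' ).val() || '';`. The click handler these lines belong to starts before and ends after the hunks shown.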
--- a/src/wp-admin/includes/class-custom-background.php
+++ b/src/wp-admin/includes/class-custom-background.php
@@ -581,6 +581,8 @@ class Custom_Background {
 * @deprecated 3.5.0
 */
 public function wp_set_background_image() {
+ check_ajax_referer( 'custom-background' );
+
 if ( ! current_user_can( 'edit_theme_options' ) || ! isset( $_POST['attachment_id'] ) ) {
 exit;
 }
|