-rw-r--r--src/js/_enqueues/admin/custom-background.js2
-rw-r--r--src/js/_enqueues/deprecated/media-gallery.js4
-rw-r--r--src/wp-admin/includes/class-custom-background.php2
3 files changed, 7 insertions, 1 deletions
diff --git a/src/js/_enqueues/admin/custom-background.js b/src/js/_enqueues/admin/custom-background.js
index a08fb96c47..7f57d8a9b4 100644
--- a/src/js/_enqueues/admin/custom-background.js
+++ b/src/js/_enqueues/admin/custom-background.js
@@ -126,11 +126,13 @@
frame.on( 'select', function() {
// Grab the selected attachment.
var attachment = frame.state().get('selection').first();
+ var nonceValue = $( '#_wpnonce' ).val() || '';
// Run an Ajax request to set the background image.
$.post( ajaxurl, {
action: 'set-background-image',
attachment_id: attachment.id,
+ _ajax_nonce: nonceValue,
size: 'full'
}).done( function() {
// When the request completes, reload the window.
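Review bot: The `.done()` handler at the end of the hunk is the only completion handler on this `$.post`, so when the server now rejects the request on the nonce check (for example if `#_wpnonce` is absent from the page or was generated for another action) the window is never reloaded and the user gets no feedback at all. A `.fail()` handler that reports the failure, e.g. `}).fail( function() { /* surface the error to the user */ } )`, would make the new rejection path visible rather than silent. Note also that the `|| ''` fallback on the added `nonceValue` line only turns an `undefined` value into an empty string; both are rejected server-side, so it does not change the outcome. The `frame.on( 'select', ... )` callback continues past the end of the hunk.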
diff --git a/src/js/_enqueues/deprecated/media-gallery.js b/src/js/_enqueues/deprecated/media-gallery.js
index 7fe77a64ee..e96222c67a 100644
--- a/src/js/_enqueues/deprecated/media-gallery.js
+++ b/src/js/_enqueues/deprecated/media-gallery.js
@@ -11,7 +11,7 @@ jQuery(function($) {
* Adds a click event handler to the element with a 'wp-gallery' class.
*/
$( 'body' ).bind( 'click.wp-gallery', function(e) {
- var target = $( e.target ), id, img_size;
+ var target = $( e.target ), id, img_size, nonceValue;
if ( target.hasClass( 'wp-set-header' ) ) {
// Opens the image to preview it full size.
@@ -21,6 +21,7 @@ jQuery(function($) {
// Sets the image as background of the theme.
id = target.data( 'attachment-id' );
img_size = $( 'input[name="attachments[' + id + '][image-size]"]:checked').val();
+ nonceValue = $( '#_wpnonce' ).val() && '';
/**
* This Ajax action has been deprecated since 3.5.0, see custom-background.php
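Review bot: `nonceValue = $( '#_wpnonce' ).val() && '';` on the added line inverts the intended fallback: with `&&`, a present nonce evaluates to `''` and a missing field to `undefined`, so `nonceValue` never holds the nonce and the `_ajax_nonce` sent in the next hunk (`@@ -28,6 +29,7 @@`) is always empty. With `check_ajax_referer( 'custom-background' )` added in class-custom-background.php, every request from this deprecated gallery path will be rejected. It should match the first file: `nonceValue = $( '#_wpnonce' ).val() || '';`. The enclosing `click.wp-gallery` handler starts and ends outside this hunk.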
@@ -28,6 +29,7 @@ jQuery(function($) {
jQuery.post(ajaxurl, {
action: 'set-background-image',
attachment_id: id,
+ _ajax_nonce: nonceValue,
size: img_size
}, function() {
var win = window.dialogArguments || opener || parent || top;
diff --git a/src/wp-admin/includes/class-custom-background.php b/src/wp-admin/includes/class-custom-background.php
index b62db4fb05..bc3c082bc3 100644
--- a/src/wp-admin/includes/class-custom-background.php
+++ b/src/wp-admin/includes/class-custom-background.php
@@ -581,6 +581,8 @@ class Custom_Background {
* @deprecated 3.5.0
*/
public function wp_set_background_image() {
+ check_ajax_referer( 'custom-background' );
+
if ( ! current_user_can( 'edit_theme_options' ) || ! isset( $_POST['attachment_id'] ) ) {
exit;
}