Get WordPress

Plugin Directory

Changeset 762552

Timestamp:
08/26/2013 06:33:49 PM (11 years ago)
Author:
tmoorewp
Message:

Jetpack: Subscriptions: Run the nonce function for all users, not just logged in users, on the subscriptions widget.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • jetpack/trunk/modules/subscriptions.php

    r762486 r762552  
    371371    function widget_submit() {
    372372        // Check the nonce.
    373         if ( is_user_logged_in() ) {
    374             check_admin_referer( 'blogsub_subscribe_' . get_current_blog_id() );
    375         }
     373        check_admin_referer( 'blogsub_subscribe_' . get_current_blog_id() );
    376374
    377375        if ( empty( $_REQUEST['email'] ) )
     
    532530        $source = 'widget';
    533531
    534         extract( $args );
    535 
    536532        $instance               = wp_parse_args( (array) $instance, $this->defaults() );
    537533        $title                  = isset( $instance['title'] )               ? stripslashes( $instance['title'] )               : '';
     
    546542
    547543        echo $args['before_widget'];
    548         echo $args['before_title'] . '<label for="subscribe-field">' . esc_attr( $instance['title'] ) . '</label>' . $args['after_title'] . "\n";
     544        echo $args['before_title'] . '<label for="subscribe-field">' . esc_attr( ) . '</label>' . $args['after_title'] . "\n";
    549545
    550546        $referer = ( is_ssl() ? 'https' : 'http' ) . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
     
    596592                <input type="hidden" name="sub-type" value="<?php echo esc_attr( $source ); ?>" />
    597593                <input type="hidden" name="redirect_fragment" value="<?php echo esc_attr( $widget_id ); ?>" />
    598                 <?php
    599                     if ( is_user_logged_in() ) {
    600                         wp_nonce_field( 'blogsub_subscribe_'. get_current_blog_id(), '_wpnonce', false );
    601                     }
    602                 ?>
     594                <?php wp_nonce_field( 'blogsub_subscribe_'. get_current_blog_id(), '_wpnonce', false ); ?>
    603595                <input type="submit" value="<?php echo esc_attr( $subscribe_button ); ?>" name="jetpack_subscriptions_widget" />
    604596            </p>
Note: See TracChangeset for help on using the changeset viewer.