Changeset 560101

Timestamp:

06/18/2012 06:41:47 PM (14 years ago)

Author:

jrking4

Message:

 

Location:

masquerade/trunk

Files:

• masquerade.php (modified) (3 diffs)
• readme.txt (modified) (2 diffs)

masquerade/trunk/masquerade.php

@@ -4 +4 @@
 Plugin URI: http://castle-creative.com/
 Description: Adds a link to users.php that allows an administrator to login as that user without knowing the password.
-Version: 1.0
+Version: 1.01
 Author: JR King
 Author URI: http://castle-creative.com/
@@ -49 +49 @@
                     var data = {
                         action: 'masq_user',
+                        wponce: '<?php echo wp_create_nonce('masq_once')?>',
                         uid: uid
                     }
@@ -64 +65 @@
     add_action('wp_ajax_masq_user', 'ajax_masq_login');
         function ajax_masq_login() {
+            $wponce=$_POST['wponce'];
+            if (! wp_verify_nonce($wponce, 'masq_once') ) wp_die('Security check');
             $uid = (int)($_POST['uid']);
             $user_info = get_userdata($uid);

masquerade/trunk/readme.txt

@@ -6 +6 @@
 Requires at least: 2.8
 Tested up to: 3.3.2
-Stable tag: 1.0
+Stable tag: 1.01
 License: General Public License version 2
 
@@ -28 +28 @@
 == Change Log ==
 
+= 1.01 =
+* Added nonce security check to POST request
+
 = 1.0 =
 * First stable release