From ae0482bf9b865e0b661d6ac7a65457e557a14442 Mon Sep 17 00:00:00 2001 From: Mike Jolley Date: Wed, 31 Aug 2011 14:40:02 +0100 Subject: [PATCH] Nonce field in admin, more query changes --- admin/admin-settings.php | 8 +++++++- woocommerce_query.php | 1 + 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/admin/admin-settings.php b/admin/admin-settings.php index 26f65976af1..a317a60ad29 100644 --- a/admin/admin-settings.php +++ b/admin/admin-settings.php @@ -544,6 +544,10 @@ $options_settings = apply_filters('woocommerce_options_settings', array( */ function woocommerce_update_options($options) { if(isset($_POST['submitted']) && $_POST['submitted'] == 'yes') { + + $nonce = $_REQUEST['_wpnonce']; + if (!wp_verify_nonce($nonce, 'woocommerce-settings') ) die( __('Action failed. Please refresh the page and retry.', 'woothemes') ); + foreach ($options as $value) { if (isset($value['id']) && $value['id']=='woocommerce_tax_rates') : @@ -645,7 +649,7 @@ function woocommerce_update_options($options) { do_action('woocommerce_update_options'); - echo '
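Review bot: `$_REQUEST['_wpnonce']` is read without an `isset()` guard in the check added to `woocommerce_update_options()`, so a POST that omits the field raises an undefined-index notice before `wp_verify_nonce()` rejects it, and the bare `die()` bypasses WordPress's own error page. `check_admin_referer('woocommerce-settings');` handles both the missing field and the failure exit in one call. A nonce only ties the request to the user's session. No `current_user_can()` check is visible in this hunk, so confirm one runs before any option is written. The function body continues outside the hunk.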

'.__('Your settings have been saved.', 'woothemes').'

'; + wp_redirect( add_query_arg('saved', 'true', admin_url('admin.php?page=woocommerce') )); } } @@ -1004,9 +1008,11 @@ function woocommerce_admin_fields($options) { function woocommerce_settings() { global $options_settings; woocommerce_update_options( $options_settings ); + if (isset($_GET['saved']) && $_GET['saved']) echo '
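Review bot: `wp_redirect()` only sets a Location header and does not stop execution, so without an `exit;` after it the function returns and the caller keeps rendering the page. The next hunk shows `woocommerce_settings()` calling this function immediately before echoing markup. If that is the admin page callback, output has probably already started and the header cannot be sent, which would drop both the redirect and the saved notice. Suggest following the call with `exit;` and running the save on a hook that fires before any output, such as `admin_init`. The function begins outside this hunk.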

'.__('Your settings have been saved.', 'woothemes').'

'; ?>
+
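Review bot: The line added after `?>` shows no content in this view, so the form-side half of the nonce check cannot be confirmed here. It needs to emit the field with the same action string the handler verifies, e.g. `wp_nonce_field('woocommerce-settings');`, otherwise every save will hit the failure branch. The `saved` flag only gates a fixed, translated string, so nothing from the query string is reflected into the page. `woocommerce_settings()` continues past the end of the hunk.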
diff --git a/woocommerce_query.php b/woocommerce_query.php index 4fb631d1643..dc4cf4b39a0 100644 --- a/woocommerce_query.php +++ b/woocommerce_query.php @@ -109,6 +109,7 @@ function woocommerce_get_products_in_view() { 'post_type' => 'product', 'numberposts' => -1, 'post_status' => 'publish', + 'meta_query' => $woocommerce_query['meta_query'] ) ) );
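Review bot: `$woocommerce_query['meta_query']` is used in the added array entry, but no `global $woocommerce_query;` or local assignment is visible in this hunk. `woocommerce_get_products_in_view()` starts outside the hunk, so check that the variable is in scope there. If it is not, or the key is unset, the query receives `null` and PHP emits a notice. A guarded form such as `'meta_query' => isset($woocommerce_query['meta_query']) ? $woocommerce_query['meta_query'] : array()` keeps the query well-formed either way.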