Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Unique nonce names 

@claudiosmweb Fixes #11068
This commit is contained in:
Mike Jolley 2016-06-08 13:19:30 +01:00
parent 56520cd8bc
commit b569bd2caa
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
includes/class-wc-form-handler.php
View File

@ -853,7 +853,10 @@ class WC_Form_Handler {
* Process the login form.
*/
public static function process_login() {
if ( ! empty( $_POST['login'] ) && ! empty( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-login' ) ) {
$nonce_value = isset( $_POST['_wpnonce'] ) ? $_POST['_wpnonce'] : '';
$nonce_value = isset( $_POST['woocommerce-login-nonce'] ) ? $_POST['woocommerce-login-nonce'] : $nonce_value;
if ( ! empty( $_POST['login'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-login' ) ) {
try {
$creds = array();
@ -980,7 +983,10 @@ class WC_Form_Handler {
* Process the registration form.
*/
public static function process_registration() {
if ( ! empty( $_POST['register'] ) && isset( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-register' ) ) {
$nonce_value = isset( $_POST['_wpnonce'] ) ? $_POST['_wpnonce'] : '';
$nonce_value = isset( $_POST['woocommerce-register-nonce'] ) ? $_POST['woocommerce-register-nonce'] : $nonce_value;
if ( ! empty( $_POST['register'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-register' ) ) {
$username = 'no' === get_option( 'woocommerce_registration_generate_username' ) ? $_POST['username'] : '';
$password = 'no' === get_option( 'woocommerce_registration_generate_password' ) ? $_POST['password'] : '';
$email = $_POST['email'];

4
templates/myaccount/form-login.php
View File

@ -52,7 +52,7 @@ if ( ! defined( 'ABSPATH' ) ) {
<?php do_action( 'woocommerce_login_form' ); ?>
<p class="form-row">
<?php wp_nonce_field( 'woocommerce-login' ); ?>
<?php wp_nonce_field( 'woocommerce-login', 'woocommerce-login-nonce' ); ?>
<input type="submit" class="woocommerce-Button button" name="login" value="<?php esc_attr_e( 'Login', 'woocommerce' ); ?>" />
<label for="rememberme" class="inline">
<input class="woocommerce-Input woocommerce-Input--checkbox" name="rememberme" type="checkbox" id="rememberme" value="forever" /> <?php _e( 'Remember me', 'woocommerce' ); ?>
@ -108,7 +108,7 @@ if ( ! defined( 'ABSPATH' ) ) {
<?php do_action( 'register_form' ); ?>
<p class="woocomerce-FormRow form-row">
<?php wp_nonce_field( 'woocommerce-register' ); ?>
<?php wp_nonce_field( 'woocommerce-register', 'woocommerce-register-nonce' ); ?>
<input type="submit" class="woocommerce-Button button" name="register" value="<?php esc_attr_e( 'Register', 'woocommerce' ); ?>" />
</p>