Changeset 803811
- Timestamp:
- 11/13/2013 02:04:35 PM (12 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
jetpack/trunk/modules/contact-form/grunion-contact-form.php
r803170 r803811 136 136 $id = stripslashes( $_POST['contact-form-id'] ); 137 137 138 check_admin_referer( "contact-form_{$id}" ); 138 if ( is_user_logged_in() ) { 139 check_admin_referer( "contact-form_{$id}" ); 140 } 139 141 140 142 $is_widget = 0 === strpos( $id, 'widget-' ); … … 877 879 $r .= "\t<p class='contact-submit'>\n"; 878 880 $r .= "\t\t<input type='submit' value='" . esc_attr( $form->get_attribute( 'submit_button_text' ) ) . "' class='pushbutton-wide'/>\n"; 879 $r .= "\t\t" . wp_nonce_field( 'contact-form_' . $id, '_wpnonce', true, false ) . "\n"; // nonce and referer 881 if ( is_user_logged_in() ) { 882 $r .= "\t\t" . wp_nonce_field( 'contact-form_' . $id, '_wpnonce', true, false ) . "\n"; // nonce and referer 883 } 880 884 $r .= "\t\t<input type='hidden' name='contact-form-id' value='$id' />\n"; 881 885 $r .= "\t\t<input type='hidden' name='action' value='grunion-contact-form' />\n";
Note: See TracChangeset
for help on using the changeset viewer.