X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/16e7b37c7914d753890c1a05a9335f3b43751eb8..refs/tags/wordpress-4.7.1:/wp-admin/widgets.php
diff --git a/wp-admin/widgets.php b/wp-admin/widgets.php
index e1ae0913..6e0aee1b 100644
--- a/wp-admin/widgets.php
+++ b/wp-admin/widgets.php
@@ -22,6 +22,8 @@ if ( ! current_user_can( 'edit_theme_options' ) ) {
 $widgets_access = get_user_setting( 'widgets_access' );
 if ( isset($_GET['widgets-access']) ) {
+ check_admin_referer( 'widgets-access' );
+ $widgets_access = 'on' == $_GET['widgets-access'] ? 'on' : 'off';
 set_user_setting( 'widgets_access', $widgets_access );
 }
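Review bot: The added `check_admin_referer( 'widgets-access' );` only works if every link that sets the `widgets-access` query argument carries a matching nonce, and this hunk does not show those links being updated. Any place that still builds a bare `widgets.php?widgets-access=on` URL will now land on the nonce-failure page instead of switching modes, so confirm each one is wrapped in `wp_nonce_url( ..., 'widgets-access' )`. A short comment above the call, such as `// State change on a GET request: require a nonce so a cross-site link cannot flip the user's setting.`, would record why the check sits inside the `isset` branch. Because the nonce travels in the query string, it may also be worth checking whether the code after this hunk redirects to a clean URL once the setting is saved; the rest of the script is outside the hunk.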