X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/3d39054f012aefe514b3f5509e32f09fc4feda44..073c5ed6408e2f00dc1863b463fe205467628905:/wp-admin/widgets.php

diff --git a/wp-admin/widgets.php b/wp-admin/widgets.php
index a9876b89..c70b1d1a 100644
--- a/wp-admin/widgets.php
+++ b/wp-admin/widgets.php
@@ -22,6 +22,8 @@ if ( ! current_user_can( 'edit_theme_options' ) ) {
 
 $widgets_access = get_user_setting( 'widgets_access' );
 if ( isset($_GET['widgets-access']) ) {
+	check_admin_referer( 'widgets-access' );
+
 	$widgets_access = 'on' == $_GET['widgets-access'] ? 'on' : 'off';
 	set_user_setting( 'widgets_access', $widgets_access );
 }