From b4d65538844c0f276f7dcb3ff72fb8787716dbb4 Mon Sep 17 00:00:00 2001
From: Caleb Burks <19caleb95@gmail.com>
Date: Wed, 6 Nov 2019 01:09:01 -0600
Subject: [PATCH] Append ID to nonce action to make it more unique

---
 plugins/wporg-5ftf/includes/contributor.php   | 6 +++---
 plugins/wporg-5ftf/views/single-my-pledge.php | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/plugins/wporg-5ftf/includes/contributor.php b/plugins/wporg-5ftf/includes/contributor.php
index b8953d1..ba96d12 100644
--- a/plugins/wporg-5ftf/includes/contributor.php
+++ b/plugins/wporg-5ftf/includes/contributor.php
@@ -322,19 +322,19 @@ function process_my_pledges_form() {
 	$message = '';
 	$status  = false;
 	if ( filter_input( INPUT_POST, 'join_organization' ) ) {
-		wp_verify_nonce( $nonce, 'join_decline_organization' ) || wp_nonce_ays( 'join_decline_organization' );
+		wp_verify_nonce( $nonce, 'join_decline_organization_' . $contributor_post_id ) || wp_nonce_ays( 'join_decline_organization' );
 
 		$status  = 'publish';
 		$message = "You have joined the pledge from {$pledge->post_title}.";
 
 	} elseif ( filter_input( INPUT_POST, 'decline_invitation' ) ) {
-		wp_verify_nonce( $nonce, 'join_decline_organization' ) || wp_nonce_ays( 'join_decline_organization' );
+		wp_verify_nonce( $nonce, 'join_decline_organization_' . $contributor_post_id ) || wp_nonce_ays( 'join_decline_organization' );
 
 		$status  = 'trash';
 		$message = "You have declined the pledge invitation from {$pledge->post_title}.";
 
 	} elseif ( filter_input( INPUT_POST, 'leave_organization' ) ) {
-		wp_verify_nonce( $nonce, 'leave_organization' ) || wp_nonce_ays( 'leave_organization' );
+		wp_verify_nonce( $nonce, 'leave_organization_' . $contributor_post_id ) || wp_nonce_ays( 'leave_organization' );
 
 		$status  = 'trash';
 		$message = "You have left the {$pledge->post_title} pledge.";
diff --git a/plugins/wporg-5ftf/views/single-my-pledge.php b/plugins/wporg-5ftf/views/single-my-pledge.php
index e813487..80136b3 100644
--- a/plugins/wporg-5ftf/views/single-my-pledge.php
+++ b/plugins/wporg-5ftf/views/single-my-pledge.php
@@ -44,7 +44,7 @@ namespace WordPressDotOrg\FiveForTheFuture\View;
 			<input type="hidden" name="contributor_post_id" value="<?php echo esc_attr( $contributor_post->ID ); ?>" />
 
 			<?php if ( 'pending' === $contributor_post->post_status ) : ?>
-				<?php wp_nonce_field( 'join_decline_organization' ); ?>
+				<?php wp_nonce_field( 'join_decline_organization_' . $contributor_post->ID ); ?>
 
 				<input
 					type="submit"
@@ -61,7 +61,7 @@ namespace WordPressDotOrg\FiveForTheFuture\View;
 				/>
 
 			<?php elseif ( 'publish' === $contributor_post->post_status ) : ?>
-				<?php wp_nonce_field( 'leave_organization' ); ?>
+				<?php wp_nonce_field( 'leave_organization_' . $contributor_post->ID ); ?>
 
 				<input
 					type="submit"