Ticket #2678: 2678-posts-cats.diff

File 2678-posts-cats.diff, 2.8 KB (added by mdawaffe, 6 years ago)

Nonces for post deletion from post.php and category deletion from Manage->Categories

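--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -656,7 +656,7 @@
                                         $default_link_cat_id = get_option('default_link_category');
 
                                         if ( ($category->cat_ID != $default_cat_id) && ($category->cat_ID != $default_link_cat_id) )
-                                                $edit .= "<td><a href='categories.php?action=delete&amp;cat_ID=$category->cat_ID' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '".sprintf(__("You are about to delete the category &quot;%s&quot;.\\nAll of its posts will go into the default category of &quot;%s&quot;\\nAll of its bookmarks will go into the default category of &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), addslashes($category->cat_name), addslashes(wp_specialchars(get_catname($default_cat_id),'double')), addslashes(wp_specialchars(get_catname($default_link_cat_id),'double')))."' );\" class='delete'>".__('Delete')."</a>";
+                                                $edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&amp;cat_ID=$category->cat_ID", 'delete-category' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category &quot;%s&quot;.\\nAll of its posts will go into the default category of &quot;%s&quot;\\nAll of its bookmarks will go into the default category of &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), addslashes($category->cat_name), js_escape(get_catname($default_cat_id)), js_escape(get_catname($default_link_cat_id))) . "' );\" class='delete'>".__('Delete')."</a>";
                                         else
                                                 $edit .= "<td style='text-align:center'>".__("Default");
                                 }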
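Review bot: In the rewritten `$edit .=` line the category's own name is still passed through `addslashes($category->cat_name)`, while the two default-category names beside it were moved to `js_escape()`. The value lands in a JavaScript string inside a double-quoted `onclick` attribute, and `addslashes` does not HTML-encode a double quote (the removed line paired it with `wp_specialchars(..., 'double')` for the other two arguments), so `js_escape($category->cat_name)` would treat all three arguments the same way. Whether `cat_name` is already encoded before it reaches this line is not visible here. The nonce added to the link only protects the action if the delete handler in categories.php verifies the same `'delete-category' . $cat_ID` action, which this diff does not show. The enclosing function starts and ends outside the hunk.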
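--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -220,8 +220,8 @@
 
 </div>
 
-<?php if ('edit' == $action) : ?>
-<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "')\""; ?> />
+<?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post' . $post_ID ); ?>
+<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}\""; ?> />
 <?php endif; ?>
 
 </div>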
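Review bot: The new `onclick` on the `deletepost` button no longer returns false when the confirm dialog is cancelled: the handler only returns inside the `if`, so choosing Cancel falls through and the form is still submitted with `deletepost` set and the unchanged `_wpnonce`. An explicit fall-through, `{ document.forms.post._wpnonce.value = '$delete_nonce'; return true; } return false;`, restores the behaviour of the old `return confirm(...)`. The title is also still escaped with `addslashes($post->post_title)` inside a double-quoted attribute, where `js_escape()`, used in admin-functions.php in this same patch, would be the consistent choice. The server-side check of the `'delete-post' . $post_ID` nonce is not part of this section, so it cannot be confirmed from here.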