Ticket #13383: msnonce.diff
File msnonce.diff, 3.3 KB (added by , 15 years ago) |
wp-admin/ms-edit.php
141 141 exit(); 142 142 break; 143 143 case 'addblog': 144 check_admin_referer( 'add-blog' );144 check_admin_referer( 'add-blog', '_wpnonce_add-blog' ); 145 145 146 146 if ( ! current_user_can( 'manage_sites' ) ) 147 147 wp_die( __( 'You do not have permission to access this page.' ) ); … … 325 325 326 326 case 'allblogs': 327 327 if ( isset( $_POST['doaction']) || isset($_POST['doaction2'] ) ) { 328 check_admin_referer( 'bulk-ms-sites' );328 check_admin_referer( 'bulk-ms-sites', '_wpnonce_bulk-ms-sites' ); 329 329 330 330 if ( ! current_user_can( 'manage_sites' ) ) 331 331 wp_die( __( 'You do not have permission to access this page.' ) ); … … 507 507 wp_die( __( 'You do not have permission to access this page.' ) ); 508 508 509 509 if ( isset( $_POST['doaction']) || isset($_POST['doaction2'] ) ) { 510 check_admin_referer( 'bulk-ms-users' );510 check_admin_referer( 'bulk-ms-users', '_wpnonce_bulk-ms-users' ); 511 511 512 512 if ( $_GET['action'] != -1 || $_POST['action2'] != -1 ) 513 513 $doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2']; … … 590 590 break; 591 591 592 592 case 'adduser': 593 check_admin_referer( 'add-user' );593 check_admin_referer( 'add-user', '_wpnonce_add-user' ); 594 594 if ( ! current_user_can( 'manage_network_users' ) ) 595 595 wp_die( __( 'You do not have permission to access this page.' ) ); 596 596 -
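Review bot: In the bulk-users hunk (new lines 512–513) the guard tests `$_GET['action'] != -1`, but the value then assigned to `$doaction` is read from `$_POST['action']`, so the check and the value it is meant to guard come from different request arrays. If the query string always carries an `action` for this handler (it presumably selects the `case`, which starts outside the hunk), the guard never filters anything. These are untouched context lines, but with the nonce check directly above them being revisited I would make them consistent, `if ( $_POST['action'] != -1 || $_POST['action2'] != -1 )`, and test the keys with `isset()` before reading them. The comparison is also loose (`!= -1` against a request string), so whatever `$doaction` ends up holding should be matched against a fixed list of actions further down; that code is not visible here.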
wp-admin/ms-sites.php
418 418 <option value="notspam"><?php _ex( 'Not Spam', 'site' ); ?></option> 419 419 </select> 420 420 <input type="submit" value="<?php esc_attr_e( 'Apply' ); ?>" name="doaction" id="doaction" class="button-secondary action" /> 421 <?php wp_nonce_field( 'bulk-ms-sites' ); ?>421 <?php wp_nonce_field( 'bulk-ms-sites', '_wpnonce_bulk-ms-sites' ); ?> 422 422 </div> 423 423 424 424 <?php if ( $page_links ) { ?> … … 679 679 <div id="form-add-site" class="wrap"> 680 680 <h3><?php _e( 'Add Site' ) ?></h3> 681 681 <form method="post" action="ms-edit.php?action=addblog"> 682 <?php wp_nonce_field( 'add-blog' ) ?>682 <?php wp_nonce_field( 'add-blog', '_wpnonce_add-blog' ) ?> 683 683 <table class="form-table"> 684 684 <tr class="form-field form-required"> 685 685 <th scope="row"><?php _e( 'Site Address' ) ?></th> -
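Review bot: The field name passed to `wp_nonce_field()` at new lines 421 and 682 must stay identical to the second argument of the matching `check_admin_referer()` call in wp-admin/ms-edit.php, and nothing in the template says so. A mismatch fails closed, since the handler rejects the request, but it breaks the form without any hint at the cause. Any other form that posts to the same `action` with the default `_wpnonce` field will also be rejected after this change, so the remaining callers are worth a grep. I would add a one-line comment next to each field, for example `<?php // Name must match check_admin_referer( 'add-blog', '_wpnonce_add-blog' ) in ms-edit.php. ?>`, and do the same for the two fields in wp-admin/ms-users.php (new lines 137 and 358).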
wp-admin/ms-users.php
134 134 <option value="notspam"><?php _ex( 'Not Spam', 'user' ); ?></option> 135 135 </select> 136 136 <input type="submit" value="<?php esc_attr_e( 'Apply' ); ?>" name="doaction" id="doaction" class="button-secondary action" /> 137 <?php wp_nonce_field( 'bulk-ms-users' ); ?>137 <?php wp_nonce_field( 'bulk-ms-users', '_wpnonce_bulk-ms-users' ); ?> 138 138 </div> 139 139 140 140 <?php if ( $page_links ) { ?> … … 355 355 </tr> 356 356 </table> 357 357 <p class="submit"> 358 <?php wp_nonce_field( 'add-user' ) ?>358 <?php wp_nonce_field( 'add-user', '_wpnonce_add-user' ) ?> 359 359 <input class="button" type="submit" value="<?php esc_attr_e( 'Add user' ) ?>" /></p> 360 360 </form> 361 361 </div>