Ticket #21194: 21194v4.patch
File 21194v4.patch, 10.4 KB (added by , 12 years ago) |
-
wp-includes/link-template.php
971 971 972 972 $delete_link = add_query_arg( 'action', $action, admin_url( sprintf( $post_type_object->_edit_link, $post->ID ) ) ); 973 973 974 return apply_filters( 'get_delete_post_link', wp_nonce_url( $delete_link, "$action- {$post->post_type}_{$post->ID}" ), $post->ID, $force_delete );974 return apply_filters( 'get_delete_post_link', wp_nonce_url( $delete_link, "$action-post_{$post->ID}" ), $post->ID, $force_delete ); 975 975 } 976 976 977 977 /** -
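Review bot: The nonce action at line 974 changes format to `"$action-post_{$post->ID}"` (taking the second printing as the new side), and nothing visible records that this string must equal the one the handler verifies. Any caller that still builds its own link with the old `{$action}-{$post->post_type}_{$post->ID}` form will now fail the referer check; that fails closed, so it is a compatibility point rather than an exposure. I would state the format in the function's docblock, e.g. `Nonce action is "{$action}-post_{$post->ID}" and must match check_admin_referer() in wp-admin/post.php.`, and write the interpolation as `"{$action}-post_{$post->ID}"` so the variable boundary is explicit. The function starts above the hunk, so its docblock is not visible here.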
wp-admin/includes/class-wp-posts-list-table.php
540 540 } 541 541 if ( current_user_can( $post_type_object->cap->delete_post, $post->ID ) ) { 542 542 if ( 'trash' == $post->post_status ) 543 $actions['untrash'] = "<a title='" . esc_attr( __( 'Restore this item from the Trash' ) ) . "' href='" . wp_nonce_url( admin_url( sprintf( $post_type_object->_edit_link . '&action=untrash', $post->ID ) ), 'untrash- ' . $post->post_type . '_' . $post->ID ) . "'>" . __( 'Restore' ) . "</a>";543 $actions['untrash'] = "<a title='" . esc_attr( __( 'Restore this item from the Trash' ) ) . "' href='" . wp_nonce_url( admin_url( sprintf( $post_type_object->_edit_link . '&action=untrash', $post->ID ) ), 'untrash-post_' . $post->ID ) . "'>" . __( 'Restore' ) . "</a>"; 544 544 elseif ( EMPTY_TRASH_DAYS ) 545 545 $actions['trash'] = "<a class='submitdelete' title='" . esc_attr( __( 'Move this item to the Trash' ) ) . "' href='" . get_delete_post_link( $post->ID ) . "'>" . __( 'Trash' ) . "</a>"; 546 546 if ( 'trash' == $post->post_status || !EMPTY_TRASH_DAYS ) -
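Review bot: The untrash link at line 543 assembles its nonce action by hand as `'untrash-post_' . $post->ID`, while the trash link at 545 goes through get_delete_post_link(). The same hand-built literals recur in class-wp-media-list-table.php (362, 365, 376, 378, 381) and media.php (1163, 1167, 1171, 1172). Each one has to stay byte-identical to the check_admin_referer() argument in wp-admin/post.php, and a mismatch only surfaces at click time as a failed nonce check. A comment on the line, `// Nonce action must match the 'untrash' case in wp-admin/post.php.`, or one shared helper that returns the action string, would keep generator and verifier in step. The enclosing method starts and ends outside this section.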
wp-admin/includes/class-wp-media-list-table.php
359 359 $actions['edit'] = '<a href="' . get_edit_post_link( $post->ID, true ) . '">' . __( 'Edit' ) . '</a>'; 360 360 if ( current_user_can( 'delete_post', $post->ID ) ) 361 361 if ( EMPTY_TRASH_DAYS && MEDIA_TRASH ) { 362 $actions['trash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=trash&post=$post->ID", 'trash- attachment_' . $post->ID ) . "'>" . __( 'Trash' ) . "</a>";362 $actions['trash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=trash&post=$post->ID", 'trash-post_' . $post->ID ) . "'>" . __( 'Trash' ) . "</a>"; 363 363 } else { 364 364 $delete_ays = !MEDIA_TRASH ? " onclick='return showNotice.warn();'" : ''; 365 $actions['delete'] = "<a class='submitdelete'$delete_ays href='" . wp_nonce_url( "post.php?action=delete&post=$post->ID", 'delete- attachment_' . $post->ID ) . "'>" . __( 'Delete Permanently' ) . "</a>";365 $actions['delete'] = "<a class='submitdelete'$delete_ays href='" . wp_nonce_url( "post.php?action=delete&post=$post->ID", 'delete-post_' . $post->ID ) . "'>" . __( 'Delete Permanently' ) . "</a>"; 366 366 } 367 367 $actions['view'] = '<a href="' . get_permalink( $post->ID ) . '" title="' . esc_attr( sprintf( __( 'View “%s”' ), $att_title ) ) . '" rel="permalink">' . __( 'View' ) . '</a>'; 368 368 if ( current_user_can( 'edit_post', $post->ID ) ) … … 373 373 $actions['edit'] = '<a href="' . get_edit_post_link( $post->ID, true ) . '">' . __( 'Edit' ) . '</a>'; 374 374 if ( current_user_can( 'delete_post', $post->ID ) ) { 375 375 if ( $this->is_trash ) 376 $actions['untrash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=untrash&post=$post->ID", 'untrash- attachment_' . $post->ID ) . "'>" . __( 'Restore' ) . "</a>";376 $actions['untrash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=untrash&post=$post->ID", 'untrash-post_' . $post->ID ) . "'>" . __( 'Restore' ) . 
"</a>"; 377 377 elseif ( EMPTY_TRASH_DAYS && MEDIA_TRASH ) 378 $actions['trash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=trash&post=$post->ID", 'trash- attachment_' . $post->ID ) . "'>" . __( 'Trash' ) . "</a>";378 $actions['trash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=trash&post=$post->ID", 'trash-post_' . $post->ID ) . "'>" . __( 'Trash' ) . "</a>"; 379 379 if ( $this->is_trash || !EMPTY_TRASH_DAYS || !MEDIA_TRASH ) { 380 380 $delete_ays = ( !$this->is_trash && !MEDIA_TRASH ) ? " onclick='return showNotice.warn();'" : ''; 381 $actions['delete'] = "<a class='submitdelete'$delete_ays href='" . wp_nonce_url( "post.php?action=delete&post=$post->ID", 'delete- attachment_' . $post->ID ) . "'>" . __( 'Delete Permanently' ) . "</a>";381 $actions['delete'] = "<a class='submitdelete'$delete_ays href='" . wp_nonce_url( "post.php?action=delete&post=$post->ID", 'delete-post_' . $post->ID ) . "'>" . __( 'Delete Permanently' ) . "</a>"; 382 382 } 383 383 } 384 384 if ( !$this->is_trash ) { -
wp-admin/includes/ajax-actions.php
1727 1727 elseif ( isset( $_POST['post_type'] ) && post_type_exists( $_POST['post_type'] ) ) 1728 1728 $post_type = $_POST['post_type']; 1729 1729 1730 check_ajax_referer('update- ' . $post_type . '_' . $post_id, '_wpnonce');1730 check_ajax_referer('update-post_' . $post_id, '_wpnonce'); 1731 1731 1732 1732 $post_id = edit_post(); 1733 1733 … … 1769 1769 if ( ! $post = get_post( $post_id ) ) 1770 1770 wp_die( 0 ); 1771 1771 1772 check_ajax_referer( 'update- ' . $post->post_type . '_' . $post_id );1772 check_ajax_referer( 'update-post_' . $post_id ); 1773 1773 1774 1774 if ( ! current_user_can( 'edit_post', $post_id ) ) 1775 1775 wp_die( -1 ); -
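Review bot: After the change at line 1730, the `$post_type` value taken from `$_POST['post_type']` at 1727-1728 no longer feeds the nonce action, so within the visible lines it has no reader. If nothing later in the function uses it (the body continues outside the hunk), the request-derived assignment is dead and can be dropped; if it is still used, a comment saying what for would help. In the second hunk the order is sound, nonce at 1772 and then `current_user_can( 'edit_post', $post_id )`. I would add `// CSRF check only; the capability check below decides access.` on 1772, because the action string now binds just the verb and the post ID.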
wp-admin/includes/media.php
1160 1160 $send = get_submit_button( __( 'Insert into Post' ), 'button', "send[$attachment_id]", false ); 1161 1161 if ( $delete && current_user_can( 'delete_post', $attachment_id ) ) { 1162 1162 if ( !EMPTY_TRASH_DAYS ) { 1163 $delete = "<a href='" . wp_nonce_url( "post.php?action=delete&post=$attachment_id", 'delete- attachment_' . $attachment_id ) . "' id='del[$attachment_id]' class='delete'>" . __( 'Delete Permanently' ) . '</a>';1163 $delete = "<a href='" . wp_nonce_url( "post.php?action=delete&post=$attachment_id", 'delete-post_' . $attachment_id ) . "' id='del[$attachment_id]' class='delete-permanently'>" . __( 'Delete Permanently' ) . '</a>'; 1164 1164 } elseif ( !MEDIA_TRASH ) { 1165 1165 $delete = "<a href='#' class='del-link' onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __( 'Delete' ) . "</a> 1166 1166 <div id='del_attachment_$attachment_id' class='del-attachment' style='display:none;'><p>" . sprintf( __( 'You are about to delete <strong>%s</strong>.' ), $filename ) . "</p> 1167 <a href='" . wp_nonce_url( "post.php?action=delete&post=$attachment_id", 'delete- attachment_' . $attachment_id ) . "' id='del[$attachment_id]' class='button'>" . __( 'Continue' ) . "</a>1167 <a href='" . wp_nonce_url( "post.php?action=delete&post=$attachment_id", 'delete-post_' . $attachment_id ) . "' id='del[$attachment_id]' class='button'>" . __( 'Continue' ) . "</a> 1168 1168 <a href='#' class='button' onclick=\"this.parentNode.style.display='none';return false;\">" . __( 'Cancel' ) . "</a> 1169 1169 </div>"; 1170 1170 } else { 1171 $delete = "<a href='" . wp_nonce_url( "post.php?action=trash&post=$attachment_id", 'trash- attachment_' . $attachment_id ) . "' id='del[$attachment_id]' class='delete'>" . __( 'Move to Trash' ) . "</a>1172 <a href='" . wp_nonce_url( "post.php?action=untrash&post=$attachment_id", 'untrash- attachment_' . $attachment_id ) . "' id='undo[$attachment_id]' class='undo hidden'>" . 
__( 'Undo' ) . "</a>";1171 $delete = "<a href='" . wp_nonce_url( "post.php?action=trash&post=$attachment_id", 'trash-post_' . $attachment_id ) . "' id='del[$attachment_id]' class='delete'>" . __( 'Move to Trash' ) . "</a> 1172 <a href='" . wp_nonce_url( "post.php?action=untrash&post=$attachment_id", 'untrash-post_' . $attachment_id ) . "' id='undo[$attachment_id]' class='undo hidden'>" . __( 'Undo' ) . "</a>"; 1173 1173 } 1174 1174 } else { 1175 1175 $delete = ''; -
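Review bot: Line 1163 also renames the link class from `class='delete'` to `class='delete-permanently'` (taking the second printing as the new side), which is unrelated to the nonce action change. The Move to Trash link at 1171 keeps `class='delete'`. Any script or stylesheet that selects the permanent-delete link by `.delete` would stop matching; none is visible in this section, so that needs checking. I would split the class rename into its own change or call it out in the patch description. The surrounding function starts and ends outside the hunk.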
wp-admin/post.php
177 177 break; 178 178 179 179 case 'editattachment': 180 check_admin_referer('update- attachment_' . $post_id);180 check_admin_referer('update-post_' . $post_id); 181 181 182 182 // Don't let these be changed 183 183 unset($_POST['guid']); … … 190 190 wp_update_attachment_metadata( $post_id, $newmeta ); 191 191 192 192 case 'editpost': 193 check_admin_referer('update- ' . $post_type . '_' . $post_id);193 check_admin_referer('update-post_' . $post_id); 194 194 195 195 $post_id = edit_post(); 196 196 … … 200 200 break; 201 201 202 202 case 'trash': 203 check_admin_referer('trash- ' . $post_type . '_' . $post_id);203 check_admin_referer('trash-post_' . $post_id); 204 204 205 205 $post = & get_post($post_id); 206 206 … … 215 215 break; 216 216 217 217 case 'untrash': 218 check_admin_referer('untrash- ' . $post_type . '_' . $post_id);218 check_admin_referer('untrash-post_' . $post_id); 219 219 220 220 if ( !current_user_can($post_type_object->cap->delete_post, $post_id) ) 221 221 wp_die( __('You are not allowed to move this item out of the Trash.') ); … … 228 228 break; 229 229 230 230 case 'delete': 231 check_admin_referer('delete- ' . $post_type . '_' . $post_id);231 check_admin_referer('delete-post_' . $post_id); 232 232 233 233 if ( !current_user_can($post_type_object->cap->delete_post, $post_id) ) 234 234 wp_die( __('You are not allowed to delete this item.') ); -
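Review bot: `case 'editattachment':` has no `break` before `case 'editpost':` at line 192, and both cases now verify the identical action `'update-post_' . $post_id`, so an attachment edit checks the same nonce twice. The fall-through looks deliberate but is undocumented; I would add `// No break: continue into 'editpost', which verifies the same update-post_ nonce.` after the wp_update_attachment_metadata() call at line 190. In the `trash` case the visible lines show no `current_user_can()` call after the nonce check, unlike `untrash` and `delete`. It is probably in the elided lines, but it is worth confirming because the nonce alone is not authorization.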
wp-admin/edit-form-advanced.php
83 83 } 84 84 85 85 $form_action = 'editpost'; 86 $nonce_action = 'update- ' . $post_type . '_' . $post_ID;86 $nonce_action = 'update-post_' . $post_ID; 87 87 $form_extra .= "<input type='hidden' id='post_ID' name='post_ID' value='" . esc_attr($post_ID) . "' />"; 88 88 89 89 // Detect if there exists an autosave newer than the post and if that autosave is different than the post