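--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -191,7 +191,7 @@ if ( $comment->comment_approved != '0' ) { // if not unapproved
 </tr>
 </table>
 
-<?php wp_nonce_field( $nonce_action ); ?>
+<?php wp_nonce_field( $nonce_action, $nonce_action ); ?>
 <input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' />
 <input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' />
 <input type='hidden' name='noredir' value='1' />
@@ -274,7 +274,7 @@ case 'editedcomment' :
 $comment_id = absint( $_POST['comment_ID'] );
 $comment_post_id = absint( $_POST['comment_post_ID'] );
 
-check_admin_referer( 'update-comment_' . $comment_id );
+check_admin_referer( 'update-comment_' . $comment_id, '_wpnonce-update-comment' );
 
 edit_comment();
 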
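Review bot: The field emitted at line 194 is named after `$nonce_action` itself, so its name now varies with the action, while the `editedcomment` branch at 277 reads a fixed `_wpnonce-update-comment`. The branches that consume the line-194 form (approve, trash, spam, delete) are outside this diff; each of their `check_admin_referer()` calls must be given the same second argument, otherwise the lookup falls back to `_wpnonce` and the moderation forms fail the check. For consistency with the list-table convention introduced in class-wp-list-table.php, `wp_nonce_field( $nonce_action, '_wpnonce-' . $nonce_action ); ?>` with matching checks would also make the name's purpose obvious when it shows up in a request.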
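--- a/wp-admin/custom-background.php
+++ b/wp-admin/custom-background.php
@@ -328,7 +328,7 @@ if ( current_theme_supports( 'custom-background', 'default-color' ) )
 </tbody>
 </table>
 
-<?php wp_nonce_field('custom-background'); ?>
+<?php wp_nonce_field( 'custom-background', '_wpnonce-custom-background-save-options' ); ?>
 <?php submit_button( null, 'primary', 'save-background-options' ); ?>
 </form>
 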
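Review bot: The verifying side of this form is not in the diff: whichever handler in custom-background.php currently calls `check_admin_referer( 'custom-background' )` still reads the default `_wpnonce` name, so the rename at line 331 will make the save-background-options submit fail unless that call becomes `check_admin_referer( 'custom-background', '_wpnonce-custom-background-save-options' );`. The other renamed forms in this commit are paired with their check (e.g. edit-form-comment.php / comment.php), so this one looks like an omission rather than a deliberate split.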
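--- a/wp-admin/custom-header.php
+++ b/wp-admin/custom-header.php
@@ -149,7 +149,7 @@ class Custom_Image_Header {
 $step = (int) $_GET['step'];
 if ( $step < 1 || 3 < $step ||
 ( 2 == $step && ! wp_verify_nonce( $_REQUEST['_wpnonce-custom-header-upload'], 'custom-header-upload' ) ) ||
-( 3 == $step && ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'custom-header-crop-image' ) )
+( 3 == $step && ! wp_verify_nonce( $_REQUEST['_wpnonce-custom-header-crop-image'], 'custom-header-crop-image' ) )
 )
 return 1;
 
@@ -726,7 +726,7 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>
 <?php if ( empty( $_POST ) && isset( $_GET['file'] ) ) { ?>
 <input type="hidden" name="create-new-attachment" value="true" />
 <?php } ?>
-<?php wp_nonce_field( 'custom-header-crop-image' ) ?>
+<?php wp_nonce_field( 'custom-header-crop-image', '_wpnonce-custom-header-crop-image' ) ?>
 
 <p class="submit">
 <?php submit_button( __( 'Crop and Publish' ), 'primary', 'submit', false ); ?>
@@ -784,7 +784,7 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>
 * @since 2.1.0
 */
 function step_3() {
-check_admin_referer( 'custom-header-crop-image' );
+check_admin_referer( 'custom-header-crop-image', '_wpnonce-custom-header-crop-image' );
 
 if ( ! current_theme_supports( 'custom-header', 'uploads' ) )
 wp_die( __( 'Cheatin’ uh?' ) );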
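Review bot: Line 152 indexes `$_REQUEST['_wpnonce-custom-header-crop-image']` without checking that the key exists, so a step-3 request that lacks the field raises an undefined-index notice before `wp_verify_nonce()` rejects it (line 151 already has the same pattern for the upload nonce, so this hunk propagates it rather than introduces it). Guard the lookup, e.g. `( 3 == $step && ! wp_verify_nonce( isset( $_REQUEST['_wpnonce-custom-header-crop-image'] ) ? $_REQUEST['_wpnonce-custom-header-crop-image'] : '', 'custom-header-crop-image' ) )`. The form at 729 and `step_3()` at 787 agree on the new name, so the rename itself is consistent; the method containing line 149 starts and ends outside the hunk.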
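--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -17,7 +17,7 @@ $pagenum = $wp_list_table->get_pagenum();
 $doaction = $wp_list_table->current_action();
 
 if ( $doaction ) {
-check_admin_referer( 'bulk-comments' );
+check_admin_referer( 'bulk-comments', '_wpnonce-bulk-comments' );
 
 if ( 'delete_all' == $doaction && !empty( $_REQUEST['pagegen_timestamp'] ) ) {
 $comment_status = $wpdb->escape( $_REQUEST['comment_status'] );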
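--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -297,7 +297,7 @@ if ( isset( $post_new_file ) && current_user_can( $post_type_object->cap->create
 <div id="message" class="updated"><p><?php echo $message; ?></p></div>
 <?php endif; ?>
 <form name="post" action="post.php" method="post" id="post"<?php do_action('post_edit_form_tag'); ?>>
-<?php wp_nonce_field($nonce_action); ?>
+<?php wp_nonce_field( $nonce_action, 'edit_form_advanced_nonce' ); ?>
 <input type="hidden" id="user-id" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" id="hiddenaction" name="action" value="<?php echo esc_attr( $form_action ) ?>" />
 <input type="hidden" id="originalaction" name="originalaction" value="<?php echo esc_attr( $form_action ) ?>" />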
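Review bot: The editor form at line 300 now posts its nonce as `edit_form_advanced_nonce`, but no hunk in this commit changes the post.php branch that verifies `$nonce_action` for this form (only the `post`/quickpress case is touched, and it reads `'_wpnonce-add-' . $post_type`). If the `editpost` case still calls `check_admin_referer( 'update-post_' . $post_id )` with the default name, every save from the editor fails; it needs `check_admin_referer( $nonce_action, 'edit_form_advanced_nonce' );` with the action the form was built with. Also, the new name departs from the `_wpnonce-<action>` scheme used everywhere else in the commit; `'_wpnonce-edit-form-advanced'` or similar would keep the request-side naming uniform and is what the autosave.js selector would then reference.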
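--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -11,7 +11,7 @@ if ( !defined('ABSPATH') )
 die('-1');
 ?>
 <form name="post" action="comment.php" method="post" id="post">
-<?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
+<?php wp_nonce_field( 'update-comment_' . $comment->comment_ID, '_wpnonce-update-comment') ?>
 <div class="wrap">
 <?php screen_icon(); ?>
 <h2><?php _e('Edit Comment'); ?></h2>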
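--- a/wp-admin/edit-link-form.php
+++ b/wp-admin/edit-link-form.php
@@ -71,7 +71,7 @@ if ( !empty($form) )
 if ( !empty($link_added) )
 echo $link_added;
 
-wp_nonce_field( $nonce_action );
+wp_nonce_field( $nonce_action, '_wpnonce-edit-link' );
 wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
 wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false ); ?>
 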
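--- a/wp-admin/edit-tag-form.php
+++ b/wp-admin/edit-tag-form.php
@@ -34,7 +34,7 @@ do_action($taxonomy . '_pre_edit_form', $tag, $taxonomy); ?>
 <input type="hidden" name="action" value="editedtag" />
 <input type="hidden" name="tag_ID" value="<?php echo esc_attr($tag->term_id) ?>" />
 <input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy) ?>" />
-<?php wp_original_referer_field(true, 'previous'); wp_nonce_field('update-tag_' . $tag_ID); ?>
+<?php wp_original_referer_field( true, 'previous' ); wp_nonce_field( 'update-tag_' . $tag_ID, '_wpnonce-edit-tag' ); ?>
 <table class="form-table">
 <tr class="form-field form-required">
 <th scope="row" valign="top"><label for="name"><?php _ex('Name', 'Taxonomy Name'); ?></label></th>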
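--- a/wp-admin/edit-tags.php
+++ b/wp-admin/edit-tags.php
@@ -94,7 +94,7 @@ case 'delete':
 break;
 
 case 'bulk-delete':
-check_admin_referer( 'bulk-tags' );
+check_admin_referer( 'bulk-tags', '_wpnonce-bulk-tags' );
 
 if ( !current_user_can( $tax->cap->delete_terms ) )
 wp_die( __( 'Cheatin’ uh?' ) );
@@ -133,7 +133,7 @@ break;
 
 case 'editedtag':
 $tag_ID = (int) $_POST['tag_ID'];
-check_admin_referer( 'update-tag_' . $tag_ID );
+check_admin_referer( 'update-tag_' . $tag_ID, '_wpnonce-edit-tag' );
 
 if ( !current_user_can( $tax->cap->edit_terms ) )
 wp_die( __( 'Cheatin’ uh?' ) );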
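--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -46,7 +46,7 @@ if ( 'post' != $post_type ) {
 $doaction = $wp_list_table->current_action();
 
 if ( $doaction ) {
-check_admin_referer('bulk-posts');
+check_admin_referer( 'bulk-posts', '_wpnonce-bulk-posts' );
 
 $sendback = remove_query_arg( array('trashed', 'untrashed', 'deleted', 'ids'), wp_get_referer() );
 if ( ! $sendback )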
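--- a/wp-admin/includes/class-wp-list-table.php
+++ b/wp-admin/includes/class-wp-list-table.php
@@ -759,8 +759,10 @@ class WP_List_Table {
 * @access protected
 */
 function display_tablenav( $which ) {
-if ( 'top' == $which )
-wp_nonce_field( 'bulk-' . $this->_args['plural'] );
+if ( 'top' == $which ) {
+$nonce_action = 'bulk-' . $this->_args['plural'];
+wp_nonce_field( $nonce_action, '_wpnonce-' . $nonce_action );
+}
 ?>
 <div class="tablenav <?php echo esc_attr( $which ); ?>">
 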
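Review bot: Lines 763-764 establish the contract every bulk screen in this commit depends on — the field name is derived from the table's `plural` argument — but nothing in the hunk says so, and a subclass changing `plural` silently breaks its screen's `check_admin_referer()`. Add a comment above line 763 such as `// Field name must match the screen's check_admin_referer( 'bulk-' . $plural, '_wpnonce-bulk-' . $plural ).`. One pairing worth confirming: network/users.php (line 120 in this diff) now reads `_wpnonce-bulk-users-network`, which only matches if that screen's list table sets `plural` to `users-network`; the table class is not in the diff. `display_tablenav()` continues past the hunk.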
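--- a/wp-admin/includes/dashboard.php
+++ b/wp-admin/includes/dashboard.php
@@ -557,7 +557,7 @@ function wp_dashboard_quick_press() {
 <input type="hidden" name="action" id="quickpost-action" value="post-quickpress-save" />
 <input type="hidden" name="post_ID" value="<?php echo $post_ID; ?>" />
 <input type="hidden" name="post_type" value="post" />
-<?php wp_nonce_field('add-post'); ?>
+<?php wp_nonce_field( 'add-post', '_wpnonce-add-post' ); ?>
 <?php submit_button( __( 'Save Draft' ), 'button', 'save', false, array( 'id' => 'save-post' ) ); ?>
 <input type="reset" value="<?php esc_attr_e( 'Reset' ); ?>" class="button" />
 <br class="clear" />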
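--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -17,7 +17,7 @@ $wp_list_table = _get_list_table('WP_Links_List_Table');
 $doaction = $wp_list_table->current_action();
 
 if ( $doaction && isset( $_REQUEST['linkcheck'] ) ) {
-check_admin_referer( 'bulk-bookmarks' );
+check_admin_referer( 'bulk-bookmarks', '_wpnonce-bulk-bookmarks' );
 
 if ( 'delete' == $doaction ) {
 $bulklinks = (array) $_REQUEST['linkcheck'];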
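--- a/wp-admin/link.php
+++ b/wp-admin/link.php
@@ -28,7 +28,7 @@ $this_file = admin_url('link-manager.php');
 
 switch ($action) {
 case 'deletebookmarks' :
-check_admin_referer('bulk-bookmarks');
+check_admin_referer( 'bulk-bookmarks', '_wpnonce-bulk-bookmarks' );
 
 //for each link id (in $linkcheck[]) change category to selected value
 if (count($linkcheck) == 0) {
@@ -49,7 +49,7 @@ switch ($action) {
 break;
 
 case 'move' :
-check_admin_referer('bulk-bookmarks');
+check_admin_referer( 'bulk-bookmarks', '_wpnonce-bulk-bookmarks' );
 
 //for each link id (in $linkcheck[]) change category to selected value
 if (count($linkcheck) == 0) {
@@ -65,7 +65,7 @@ switch ($action) {
 break;
 
 case 'add' :
-check_admin_referer('add-bookmark');
+check_admin_referer( 'add-bookmark', '_wpnonce-edit-link' );
 
 $redir = wp_get_referer();
 if ( add_link() )
@@ -77,7 +77,7 @@ switch ($action) {
 
 case 'save' :
 $link_id = (int) $_POST['link_id'];
-check_admin_referer('update-bookmark_' . $link_id);
+check_admin_referer( 'update-bookmark_' . $link_id, '_wpnonce-edit-link' );
 
 edit_link($link_id);
 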
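--- a/wp-admin/network/site-themes.php
+++ b/wp-admin/network/site-themes.php
@@ -83,7 +83,7 @@ if ( $action ) {
 unset( $allowed_themes[$theme] );
 break;
 case 'enable-selected':
-check_admin_referer( 'bulk-themes' );
+check_admin_referer( 'bulk-themes', '_wpnonce-bulk-themes' );
 if ( isset( $_POST['checked'] ) ) {
 $themes = (array) $_POST['checked'];
 $action = 'enabled';
@@ -96,7 +96,7 @@ if ( $action ) {
 }
 break;
 case 'disable-selected':
-check_admin_referer( 'bulk-themes' );
+check_admin_referer( 'bulk-themes', '_wpnonce-bulk-themes' );
 if ( isset( $_POST['checked'] ) ) {
 $themes = (array) $_POST['checked'];
 $action = 'disabled';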
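--- a/wp-admin/network/site-users.php
+++ b/wp-admin/network/site-users.php
@@ -104,7 +104,7 @@ if ( $action ) {
 case 'remove':
 if ( ! current_user_can( 'remove_users' ) )
 die(__('You can’t remove users.'));
-check_admin_referer( 'bulk-users' );
+check_admin_referer( 'bulk-users', '_wpnonce-bulk-users' );
 
 $update = 'remove';
 if ( isset( $_REQUEST['users'] ) ) {
@@ -122,7 +122,7 @@ if ( $action ) {
 break;
 
 case 'promote':
-check_admin_referer( 'bulk-users' );
+check_admin_referer( 'bulk-users', '_wpnonce-bulk-users' );
 $editable_roles = get_editable_roles();
 if ( empty( $editable_roles[$_REQUEST['new_role']] ) )
 wp_die(__('You can’t give users that role.'));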
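--- a/wp-admin/network/themes.php
+++ b/wp-admin/network/themes.php
@@ -49,7 +49,7 @@ if ( $action ) {
 exit;
 break;
 case 'enable-selected':
-check_admin_referer('bulk-themes');
+check_admin_referer( 'bulk-themes', '_wpnonce-bulk-themes' );
 $themes = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
 if ( empty($themes) ) {
 wp_safe_redirect( add_query_arg( 'error', 'none', $referer ) );
@@ -62,7 +62,7 @@ if ( $action ) {
 exit;
 break;
 case 'disable-selected':
-check_admin_referer('bulk-themes');
+check_admin_referer( 'bulk-themes', '_wpnonce-bulk-themes' );
 $themes = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
 if ( empty($themes) ) {
 wp_safe_redirect( add_query_arg( 'error', 'none', $referer ) );
@@ -75,7 +75,7 @@ if ( $action ) {
 exit;
 break;
 case 'update-selected' :
-check_admin_referer( 'bulk-themes' );
+check_admin_referer( 'bulk-themes', '_wpnonce-bulk-themes' );
 
 if ( isset( $_GET['themes'] ) )
 $themes = explode( ',', $_GET['themes'] );
@@ -104,7 +104,7 @@ if ( $action ) {
 case 'delete-selected':
 if ( ! current_user_can( 'delete_themes' ) )
 wp_die( __('You do not have sufficient permissions to delete themes for this site.') );
-check_admin_referer( 'bulk-themes' );
+check_admin_referer( 'bulk-themes', '_wpnonce-bulk-themes' );
 
 $themes = isset( $_REQUEST['checked'] ) ? (array) $_REQUEST['checked'] : array();
 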
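--- a/wp-admin/network/users.php
+++ b/wp-admin/network/users.php
@@ -117,7 +117,7 @@ if ( isset( $_GET['action'] ) ) {
 wp_die( __( 'You do not have permission to access this page.' ) );
 
 if ( ( isset( $_POST['action']) || isset($_POST['action2'] ) ) && isset( $_POST['allusers'] ) ) {
-check_admin_referer( 'bulk-users-network' );
+check_admin_referer( 'bulk-users-network', '_wpnonce-bulk-users-network' );
 
 $doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2'];
 $userfunction = '';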
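--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -65,7 +65,7 @@ if ( $action ) {
 if ( ! current_user_can('activate_plugins') )
 wp_die(__('You do not have sufficient permissions to activate plugins for this site.'));
 
-check_admin_referer('bulk-plugins');
+check_admin_referer( 'bulk-plugins', '_wpnonce-bulk-plugins' );
 
 $plugins = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
 
@@ -101,7 +101,7 @@ if ( $action ) {
 break;
 case 'update-selected' :
 
-check_admin_referer( 'bulk-plugins' );
+check_admin_referer( 'bulk-plugins', '_wpnonce-bulk-plugins' );
 
 if ( isset( $_GET['plugins'] ) )
 $plugins = explode( ',', $_GET['plugins'] );
@@ -174,7 +174,7 @@ if ( $action ) {
 if ( ! current_user_can('activate_plugins') )
 wp_die(__('You do not have sufficient permissions to deactivate plugins for this site.'));
 
-check_admin_referer('bulk-plugins');
+check_admin_referer( 'bulk-plugins', '_wpnonce-bulk-plugins' );
 
 $plugins = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
 // Do not deactivate plugins which are already deactivated.
@@ -205,7 +205,7 @@ if ( $action ) {
 if ( ! current_user_can('delete_plugins') )
 wp_die(__('You do not have sufficient permissions to delete plugins for this site.'));
 
-check_admin_referer('bulk-plugins');
+check_admin_referer( 'bulk-plugins', '_wpnonce-bulk-plugins' );
 
 //$_POST = from the plugin form; $_GET = from the FTP details screen.
 $plugins = isset( $_REQUEST['checked'] ) ? (array) $_REQUEST['checked'] : array();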
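--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -100,7 +100,7 @@ case 'postajaxpost':
 case 'post':
 case 'post-quickpress-publish':
 case 'post-quickpress-save':
-check_admin_referer('add-' . $post_type);
+check_admin_referer( 'add-' . $post_type, '_wpnonce-add-' . $post_type );
 
 if ( 'post-quickpress-publish' == $action )
 $_POST['publish'] = 'publish'; // tell write_post() to publish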
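--- a/wp-admin/update.php
+++ b/wp-admin/update.php
@@ -23,7 +23,7 @@ if ( isset($_GET['action']) ) {
 if ( ! current_user_can( 'update_plugins' ) )
 wp_die( __( 'You do not have sufficient permissions to update plugins for this site.' ) );
 
-check_admin_referer( 'bulk-update-plugins' );
+check_admin_referer( 'bulk-update-plugins', '_wpnonce-bulk-update-plugins' );
 
 if ( isset( $_GET['plugins'] ) )
 $plugins = explode( ',', stripslashes($_GET['plugins']) );
@@ -170,7 +170,7 @@ if ( isset($_GET['action']) ) {
 if ( ! current_user_can( 'update_themes' ) )
 wp_die( __( 'You do not have sufficient permissions to update themes for this site.' ) );
 
-check_admin_referer( 'bulk-update-themes' );
+check_admin_referer( 'bulk-update-themes', '_wpnonce-bulk-update-themes' );
 
 if ( isset( $_GET['themes'] ) )
 $themes = explode( ',', stripslashes($_GET['themes']) );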
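--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -19,7 +19,7 @@ $pagenum = $wp_list_table->get_pagenum();
 $doaction = $wp_list_table->current_action();
 
 if ( $doaction ) {
-check_admin_referer('bulk-media');
+check_admin_referer( 'bulk-media', '_wpnonce-bulk-media' );
 
 if ( 'delete_all' == $doaction ) {
 $post_ids = $wpdb->get_col( "SELECT ID FROM $wpdb->posts WHERE post_type='attachment' AND post_status = 'trash'" );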
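--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -95,7 +95,7 @@ switch ( $wp_list_table->current_action() ) {
 
 /* Bulk Dropdown menu Role changes */
 case 'promote':
-check_admin_referer('bulk-users');
+check_admin_referer( 'bulk-users', '_wpnonce-bulk-users' );
 
 if ( ! current_user_can( 'promote_users' ) )
 wp_die( __( 'You can’t edit that user.' ) );
@@ -191,7 +191,7 @@ case 'delete':
 if ( is_multisite() )
 wp_die( __('User deletion is not allowed from this screen.') );
 
-check_admin_referer('bulk-users');
+check_admin_referer( 'bulk-users', '_wpnonce-bulk-users' );
 
 if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
 wp_redirect($redirect);
@@ -295,7 +295,7 @@ break;
 
 case 'remove':
 
-check_admin_referer('bulk-users');
+check_admin_referer( 'bulk-users', '_wpnonce-bulk-users' );
 
 if ( ! is_multisite() )
 wp_die( __( 'You can’t remove users.' ) );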
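--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1191,6 +1191,9 @@ function wp_nonce_url( $actionurl, $action = -1 ) {
 * @return string Nonce field.
 */
 function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) {
+if ( 1 >= func_num_args() )
+_doing_it_wrong( __METHOD__, __( 'The action and name parameters are now required.' ), '3.6' );
+
 $name = esc_attr( $name );
 $nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />';
 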
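Review bot: The guard at 1194-1195 changes the documented contract of `wp_nonce_field()` but the docblock that ends at 1192 is left as it was; add `@param string $name Nonce field name. Required as of 3.6 — passing only $action triggers _doing_it_wrong(); use a name unique to the form, e.g. '_wpnonce-' . $action.` and a `@since 3.6` line noting the requirement. The notice tells the caller what is required but not why, which is the point of the whole commit: a per-form name lets one page carry several nonces without them overwriting each other under `_wpnonce`. Nothing equivalent is added on the verify side — `check_admin_referer()` and `wp_nonce_url()` (the latter is the hunk's context function) still default to `_wpnonce` silently — so a caller who fixes the field but not the check gets no warning; mirroring the guard there would make the migration symmetric.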
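--- a/wp-includes/js/autosave.js
+++ b/wp-includes/js/autosave.js
@@ -61,7 +61,7 @@ jQuery(document).ready( function($) {
 async: false,
 data: {
 action: 'wp-remove-post-lock',
-_wpnonce: $('#_wpnonce').val(),
+_wpnonce: $('input[name="edit_form_advanced_nonce"]').val(),
 post_ID: $('#post_ID').val(),
 active_post_lock: $('#active_post_lock').val()
 }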
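Review bot: The selector at line 64 is written as an attribute match while the neighbouring lookups use ids; since `wp_nonce_field()` sets `id` equal to `name` (functions.php line 1198 in this diff), `_wpnonce: $('#edit_form_advanced_nonce').val(),` is equivalent and consistent with `#post_ID` and `#active_post_lock`. The request key stays `_wpnonce`, so the `wp-remove-post-lock` handler (not in the diff) is unaffected, but any other script on the editor screen that still reads `#_wpnonce` will now get `undefined` once the field is renamed — worth a grep before merging. The enclosing ready callback starts and ends outside the hunk.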