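diff --git a/wp-admin/comment.php b/wp-admin/comment.php
index de5483e..a0a85b8 100644
--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -191,7 +191,7 @@ if ( $comment->comment_approved != '0' ) { // if not unapproved
 </tr>
 </table>
 
-<?php wp_nonce_field( $nonce_action ); ?>
+<?php wp_nonce_field( $nonce_action, $nonce_action ); ?>
 <input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' />
 <input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' />
 <input type='hidden' name='noredir' value='1' />
@@ -274,7 +274,7 @@ case 'editedcomment' :
 $comment_id = absint( $_POST['comment_ID'] );
 $comment_post_id = absint( $_POST['comment_post_ID'] );
 
-check_admin_referer( 'update-comment_' . $comment_id );
+check_admin_referer( 'update-comment_' . $comment_id, '_wpnonce-update-comment' );
 
 edit_comment();
 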
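Review bot: The field added in the first hunk is named after `$nonce_action` itself, `wp_nonce_field( $nonce_action, $nonce_action )`, which departs from the `_wpnonce-<action>` naming every other hunk in this patch adopts, and the handlers for the `$formaction` values this form submits are not in the diff. Because `$nonce_action` is assigned outside the hunk, each of those `check_admin_referer()` calls must now pass the identical string as its second argument or the nonce will be looked up under the default `_wpnonce` key and die. Consider `<?php wp_nonce_field( $nonce_action, '_wpnonce-' . $nonce_action ); ?>` for consistency, with a comment at the `$nonce_action` assignment that the value doubles as the request key. The second hunk pairs correctly with the `_wpnonce-update-comment` field in wp-admin/edit-form-comment.php.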
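diff --git a/wp-admin/custom-background.php b/wp-admin/custom-background.php
index a924eca..acee451 100644
--- a/wp-admin/custom-background.php
+++ b/wp-admin/custom-background.php
@@ -328,7 +328,7 @@ if ( current_theme_supports( 'custom-background', 'default-color' ) )
 </tbody>
 </table>
 
-<?php wp_nonce_field('custom-background'); ?>
+<?php wp_nonce_field( 'custom-background', '_wpnonce-custom-background-save-options' ); ?>
 <?php submit_button( null, 'primary', 'save-background-options' ); ?>
 </form>
 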
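Review bot: The save-options form now posts its nonce under `_wpnonce-custom-background-save-options`, but no `check_admin_referer( 'custom-background', '_wpnonce-custom-background-save-options' )` appears anywhere in this patch, so unless the verifier in the Custom_Background handler was changed separately it still reads the default `_wpnonce`, finds nothing, and every save dies on the nonce check. Either add that second argument at the verifier or keep the default field name here until it is. Pairings like this are now the contract between each form and its handler, so the commit description should list them file by file.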
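diff --git a/wp-admin/custom-header.php b/wp-admin/custom-header.php
index 14f01df..0650bd6 100644
--- a/wp-admin/custom-header.php
+++ b/wp-admin/custom-header.php
@@ -149,7 +149,7 @@ class Custom_Image_Header {
 $step = (int) $_GET['step'];
 if ( $step < 1 || 3 < $step ||
 ( 2 == $step && ! wp_verify_nonce( $_REQUEST['_wpnonce-custom-header-upload'], 'custom-header-upload' ) ) ||
-( 3 == $step && ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'custom-header-crop-image' ) )
+( 3 == $step && ! wp_verify_nonce( $_REQUEST['_wpnonce-custom-header-crop-image'], 'custom-header-crop-image' ) )
 )
 return 1;
 
@@ -726,7 +726,7 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>
 <?php if ( empty( $_POST ) && isset( $_GET['file'] ) ) { ?>
 <input type="hidden" name="create-new-attachment" value="true" />
 <?php } ?>
-<?php wp_nonce_field( 'custom-header-crop-image' ) ?>
+<?php wp_nonce_field( 'custom-header-crop-image', '_wpnonce-custom-header-crop-image' ) ?>
 
 <p class="submit">
 <?php submit_button( __( 'Crop and Publish' ), 'primary', 'submit', false ); ?>
@@ -784,7 +784,7 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>
 * @since 2.1.0
 */
 function step_3() {
-check_admin_referer( 'custom-header-crop-image' );
+check_admin_referer( 'custom-header-crop-image', '_wpnonce-custom-header-crop-image' );
 
 if ( ! current_theme_supports( 'custom-header', 'uploads' ) )
 wp_die( __( 'Cheatin&#8217; uh?' ) );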
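Review bot: In the first hunk the new side reads `$_REQUEST['_wpnonce-custom-header-crop-image']` directly, so a `step=3` request that lacks the field raises an undefined-index notice before `wp_verify_nonce()` returns false (the step-2 line above it has the same shape). Guard it: `( 3 == $step && ! wp_verify_nonce( isset( $_REQUEST['_wpnonce-custom-header-crop-image'] ) ? $_REQUEST['_wpnonce-custom-header-crop-image'] : '', 'custom-header-crop-image' ) )`. The rename is otherwise consistent across the three hunks (field emitted at line 729, verified again in `step_3()`), and the method enclosing the first hunk starts outside it.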
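diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index 174cd9a..afd8b76 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -17,7 +17,7 @@ $pagenum = $wp_list_table->get_pagenum();
 $doaction = $wp_list_table->current_action();
 
 if ( $doaction ) {
-check_admin_referer( 'bulk-comments' );
+check_admin_referer( 'bulk-comments', '_wpnonce-bulk-comments' );
 
 if ( 'delete_all' == $doaction && !empty( $_REQUEST['pagegen_timestamp'] ) ) {
 $comment_status = $wpdb->escape( $_REQUEST['comment_status'] );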
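diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php
index 7d142d9..c5706fe 100644
--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -297,7 +297,7 @@ if ( isset( $post_new_file ) && current_user_can( $post_type_object->cap->create
 <div id="message" class="updated"><p><?php echo $message; ?></p></div>
 <?php endif; ?>
 <form name="post" action="post.php" method="post" id="post"<?php do_action('post_edit_form_tag'); ?>>
-<?php wp_nonce_field($nonce_action); ?>
+<?php wp_nonce_field( $nonce_action, 'edit_form_advanced_nonce' ); ?>
 <input type="hidden" id="user-id" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" id="hiddenaction" name="action" value="<?php echo esc_attr( $form_action ) ?>" />
 <input type="hidden" id="originalaction" name="originalaction" value="<?php echo esc_attr( $form_action ) ?>" />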
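Review bot: `edit_form_advanced_nonce` is the only field name in this patch that is neither `_wpnonce` nor `_wpnonce-<action>`, and it is fixed while `$nonce_action` varies, so every post.php handler this form can reach must read exactly that key; the one post.php case in this diff reads `'_wpnonce-add-' . $post_type` instead. The choice looks deliberate, since wp-includes/js/autosave.js selects the field by this name, but nothing at the call site says so. Add a comment above the field: `<?php // Fixed name (not derived from $nonce_action): autosave.js reads it by name, and each post.php handler must pass it as $query_arg. ?>`. The surrounding `<form>` continues past the hunk.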
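diff --git a/wp-admin/edit-form-comment.php b/wp-admin/edit-form-comment.php
index 14a2966..fb7f00a 100644
--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -11,7 +11,7 @@ if ( !defined('ABSPATH') )
 die('-1');
 ?>
 <form name="post" action="comment.php" method="post" id="post">
-<?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
+<?php wp_nonce_field( 'update-comment_' . $comment->comment_ID, '_wpnonce-update-comment') ?>
 <div class="wrap">
 <?php screen_icon(); ?>
 <h2><?php _e('Edit Comment'); ?></h2>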
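diff --git a/wp-admin/edit-link-form.php b/wp-admin/edit-link-form.php
index 6d81ec0..143aa10 100644
--- a/wp-admin/edit-link-form.php
+++ b/wp-admin/edit-link-form.php
@@ -71,7 +71,7 @@ if ( !empty($form) )
 if ( !empty($link_added) )
 echo $link_added;
 
-wp_nonce_field( $nonce_action );
+wp_nonce_field( $nonce_action, '_wpnonce-edit-link' );
 wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
 wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false ); ?>
 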
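diff --git a/wp-admin/edit-tag-form.php b/wp-admin/edit-tag-form.php
index 034642a..53c4c9e 100644
--- a/wp-admin/edit-tag-form.php
+++ b/wp-admin/edit-tag-form.php
@@ -34,7 +34,7 @@ do_action($taxonomy . '_pre_edit_form', $tag, $taxonomy); ?>
 <input type="hidden" name="action" value="editedtag" />
 <input type="hidden" name="tag_ID" value="<?php echo esc_attr($tag->term_id) ?>" />
 <input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy) ?>" />
-<?php wp_original_referer_field(true, 'previous'); wp_nonce_field('update-tag_' . $tag_ID); ?>
+<?php wp_original_referer_field( true, 'previous' ); wp_nonce_field( 'update-tag_' . $tag_ID, '_wpnonce-edit-tag' ); ?>
 <table class="form-table">
 <tr class="form-field form-required">
 <th scope="row" valign="top"><label for="name"><?php _ex('Name', 'Taxonomy Name'); ?></label></th>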
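diff --git a/wp-admin/edit-tags.php b/wp-admin/edit-tags.php
index 7250a66..efb08d7 100644
--- a/wp-admin/edit-tags.php
+++ b/wp-admin/edit-tags.php
@@ -94,7 +94,7 @@ case 'delete':
 break;
 
 case 'bulk-delete':
-check_admin_referer( 'bulk-tags' );
+check_admin_referer( 'bulk-tags', '_wpnonce-bulk-tags' );
 
 if ( !current_user_can( $tax->cap->delete_terms ) )
 wp_die( __( 'Cheatin&#8217; uh?' ) );
@@ -133,7 +133,7 @@ break;
 
 case 'editedtag':
 $tag_ID = (int) $_POST['tag_ID'];
-check_admin_referer( 'update-tag_' . $tag_ID );
+check_admin_referer( 'update-tag_' . $tag_ID, '_wpnonce-edit-tag' );
 
 if ( !current_user_can( $tax->cap->edit_terms ) )
 wp_die( __( 'Cheatin&#8217; uh?' ) );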
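diff --git a/wp-admin/edit.php b/wp-admin/edit.php
index 9eae3cf..b430cb7 100644
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -46,7 +46,7 @@ if ( 'post' != $post_type ) {
 $doaction = $wp_list_table->current_action();
 
 if ( $doaction ) {
-check_admin_referer('bulk-posts');
+check_admin_referer( 'bulk-posts', '_wpnonce-bulk-posts' );
 
 $sendback = remove_query_arg( array('trashed', 'untrashed', 'deleted', 'ids'), wp_get_referer() );
 if ( ! $sendback )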
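diff --git a/wp-admin/includes/class-wp-list-table.php b/wp-admin/includes/class-wp-list-table.php
index 8a22bd4..33fb1b2 100644
--- a/wp-admin/includes/class-wp-list-table.php
+++ b/wp-admin/includes/class-wp-list-table.php
@@ -759,8 +759,10 @@ class WP_List_Table {
 * @access protected
 */
 function display_tablenav( $which ) {
-if ( 'top' == $which )
-wp_nonce_field( 'bulk-' . $this->_args['plural'] );
+if ( 'top' == $which ) {
+$nonce_action = 'bulk-' . $this->_args['plural'];
+wp_nonce_field( $nonce_action, '_wpnonce-' . $nonce_action );
+}
 ?>
 <div class="tablenav <?php echo esc_attr( $which ); ?>">
 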
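Review bot: Renaming the bulk nonce field here changes the contract for every consumer of this table, not only the core screens patched in this commit: any handler that still calls `check_admin_referer( 'bulk-' . $plural )` without a `$query_arg` (third-party list tables, or a core screen this patch missed) will look for `_wpnonce`, find nothing, and die. The coupling also runs through `_args['plural']`: the literal keys in the patched screens (`_wpnonce-bulk-comments`, `_wpnonce-bulk-users-network`, …) line up only if each table's `plural` is exactly that suffix, which I cannot confirm from the diff. A comment at the field would make the contract explicit: `// Field name must match the $query_arg this table's bulk-action handler passes to check_admin_referer().` The method body continues below the hunk.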
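diff --git a/wp-admin/includes/dashboard.php b/wp-admin/includes/dashboard.php
index 0df8109..0b9a6b7 100644
--- a/wp-admin/includes/dashboard.php
+++ b/wp-admin/includes/dashboard.php
@@ -557,7 +557,7 @@ function wp_dashboard_quick_press() {
 <input type="hidden" name="action" id="quickpost-action" value="post-quickpress-save" />
 <input type="hidden" name="post_ID" value="<?php echo $post_ID; ?>" />
 <input type="hidden" name="post_type" value="post" />
-<?php wp_nonce_field('add-post'); ?>
+<?php wp_nonce_field( 'add-post', '_wpnonce-add-post' ); ?>
 <?php submit_button( __( 'Save Draft' ), 'button', 'save', false, array( 'id' => 'save-post' ) ); ?>
 <input type="reset" value="<?php esc_attr_e( 'Reset' ); ?>" class="button" />
 <br class="clear" />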
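diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
index 92194f0..6e4e136 100644
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -17,7 +17,7 @@ $wp_list_table = _get_list_table('WP_Links_List_Table');
 $doaction = $wp_list_table->current_action();
 
 if ( $doaction && isset( $_REQUEST['linkcheck'] ) ) {
-check_admin_referer( 'bulk-bookmarks' );
+check_admin_referer( 'bulk-bookmarks', '_wpnonce-bulk-bookmarks' );
 
 if ( 'delete' == $doaction ) {
 $bulklinks = (array) $_REQUEST['linkcheck'];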
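diff --git a/wp-admin/link.php b/wp-admin/link.php
index d12d229..bffce01 100644
--- a/wp-admin/link.php
+++ b/wp-admin/link.php
@@ -28,7 +28,7 @@ $this_file = admin_url('link-manager.php');
 
 switch ($action) {
 case 'deletebookmarks' :
-check_admin_referer('bulk-bookmarks');
+check_admin_referer( 'bulk-bookmarks', '_wpnonce-bulk-bookmarks' );
 
 //for each link id (in $linkcheck[]) change category to selected value
 if (count($linkcheck) == 0) {
@@ -49,7 +49,7 @@ switch ($action) {
 break;
 
 case 'move' :
-check_admin_referer('bulk-bookmarks');
+check_admin_referer( 'bulk-bookmarks', '_wpnonce-bulk-bookmarks' );
 
 //for each link id (in $linkcheck[]) change category to selected value
 if (count($linkcheck) == 0) {
@@ -65,7 +65,7 @@ switch ($action) {
 break;
 
 case 'add' :
-check_admin_referer('add-bookmark');
+check_admin_referer( 'add-bookmark', '_wpnonce-edit-link' );
 
 $redir = wp_get_referer();
 if ( add_link() )
@@ -77,7 +77,7 @@ switch ($action) {
 
 case 'save' :
 $link_id = (int) $_POST['link_id'];
-check_admin_referer('update-bookmark_' . $link_id);
+check_admin_referer( 'update-bookmark_' . $link_id, '_wpnonce-edit-link' );
 
 edit_link($link_id);
 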
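diff --git a/wp-admin/network/site-themes.php b/wp-admin/network/site-themes.php
index b47a0c6..db3e719 100644
--- a/wp-admin/network/site-themes.php
+++ b/wp-admin/network/site-themes.php
@@ -83,7 +83,7 @@ if ( $action ) {
 unset( $allowed_themes[$theme] );
 break;
 case 'enable-selected':
-check_admin_referer( 'bulk-themes' );
+check_admin_referer( 'bulk-themes', '_wpnonce-bulk-themes' );
 if ( isset( $_POST['checked'] ) ) {
 $themes = (array) $_POST['checked'];
 $action = 'enabled';
@@ -96,7 +96,7 @@ if ( $action ) {
 }
 break;
 case 'disable-selected':
-check_admin_referer( 'bulk-themes' );
+check_admin_referer( 'bulk-themes', '_wpnonce-bulk-themes' );
 if ( isset( $_POST['checked'] ) ) {
 $themes = (array) $_POST['checked'];
 $action = 'disabled';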
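diff --git a/wp-admin/network/site-users.php b/wp-admin/network/site-users.php
index 2064a76..522403a 100644
--- a/wp-admin/network/site-users.php
+++ b/wp-admin/network/site-users.php
@@ -104,7 +104,7 @@ if ( $action ) {
 case 'remove':
 if ( ! current_user_can( 'remove_users' ) )
 die(__('You can&#8217;t remove users.'));
-check_admin_referer( 'bulk-users' );
+check_admin_referer( 'bulk-users', '_wpnonce-bulk-users' );
 
 $update = 'remove';
 if ( isset( $_REQUEST['users'] ) ) {
@@ -122,7 +122,7 @@ if ( $action ) {
 break;
 
 case 'promote':
-check_admin_referer( 'bulk-users' );
+check_admin_referer( 'bulk-users', '_wpnonce-bulk-users' );
 $editable_roles = get_editable_roles();
 if ( empty( $editable_roles[$_REQUEST['new_role']] ) )
 wp_die(__('You can&#8217;t give users that role.'));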
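diff --git a/wp-admin/network/themes.php b/wp-admin/network/themes.php
index 04840ee..f76e6e4 100644
--- a/wp-admin/network/themes.php
+++ b/wp-admin/network/themes.php
@@ -49,7 +49,7 @@ if ( $action ) {
 exit;
 break;
 case 'enable-selected':
-check_admin_referer('bulk-themes');
+check_admin_referer( 'bulk-themes', '_wpnonce-bulk-themes' );
 $themes = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
 if ( empty($themes) ) {
 wp_safe_redirect( add_query_arg( 'error', 'none', $referer ) );
@@ -62,7 +62,7 @@ if ( $action ) {
 exit;
 break;
 case 'disable-selected':
-check_admin_referer('bulk-themes');
+check_admin_referer( 'bulk-themes', '_wpnonce-bulk-themes' );
 $themes = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
 if ( empty($themes) ) {
 wp_safe_redirect( add_query_arg( 'error', 'none', $referer ) );
@@ -75,7 +75,7 @@ if ( $action ) {
 exit;
 break;
 case 'update-selected' :
-check_admin_referer( 'bulk-themes' );
+check_admin_referer( 'bulk-themes', '_wpnonce-bulk-themes' );
 
 if ( isset( $_GET['themes'] ) )
 $themes = explode( ',', $_GET['themes'] );
@@ -104,7 +104,7 @@ if ( $action ) {
 case 'delete-selected':
 if ( ! current_user_can( 'delete_themes' ) )
 wp_die( __('You do not have sufficient permissions to delete themes for this site.') );
-check_admin_referer( 'bulk-themes' );
+check_admin_referer( 'bulk-themes', '_wpnonce-bulk-themes' );
 
 $themes = isset( $_REQUEST['checked'] ) ? (array) $_REQUEST['checked'] : array();
 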
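Review bot: The `update-selected` case (third hunk) reads its theme list from `$_GET['themes']`, so at least one producer reaches it by URL rather than from the list-table form that emits `_wpnonce-bulk-themes`; a nonce carried in a URL in this codebase comes from `wp_nonce_url()`, whose signature in this patch's wp-includes/functions.php hunk (`wp_nonce_url( $actionurl, $action = -1 )`) has no name parameter and only emits `_wpnonce`. Unless that URL was rewritten by hand, the GET leg now dies at `check_admin_referer( 'bulk-themes', '_wpnonce-bulk-themes' )`. Confirm the producer, or leave this case on the default key with `// Reached via wp_nonce_url(); nonce arrives as _wpnonce.`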
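diff --git a/wp-admin/network/users.php b/wp-admin/network/users.php
index 1318355..85f1448 100644
--- a/wp-admin/network/users.php
+++ b/wp-admin/network/users.php
@@ -117,7 +117,7 @@ if ( isset( $_GET['action'] ) ) {
 wp_die( __( 'You do not have permission to access this page.' ) );
 
 if ( ( isset( $_POST['action']) || isset($_POST['action2'] ) ) && isset( $_POST['allusers'] ) ) {
-check_admin_referer( 'bulk-users-network' );
+check_admin_referer( 'bulk-users-network', '_wpnonce-bulk-users-network' );
 
 $doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2'];
 $userfunction = '';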
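diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index 7fc3036..e81fe92 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -65,7 +65,7 @@ if ( $action ) {
 if ( ! current_user_can('activate_plugins') )
 wp_die(__('You do not have sufficient permissions to activate plugins for this site.'));
 
-check_admin_referer('bulk-plugins');
+check_admin_referer( 'bulk-plugins', '_wpnonce-bulk-plugins' );
 
 $plugins = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
 
@@ -101,7 +101,7 @@ if ( $action ) {
 break;
 case 'update-selected' :
 
-check_admin_referer( 'bulk-plugins' );
+check_admin_referer( 'bulk-plugins', '_wpnonce-bulk-plugins' );
 
 if ( isset( $_GET['plugins'] ) )
 $plugins = explode( ',', $_GET['plugins'] );
@@ -174,7 +174,7 @@ if ( $action ) {
 if ( ! current_user_can('activate_plugins') )
 wp_die(__('You do not have sufficient permissions to deactivate plugins for this site.'));
 
-check_admin_referer('bulk-plugins');
+check_admin_referer( 'bulk-plugins', '_wpnonce-bulk-plugins' );
 
 $plugins = isset( $_POST['checked'] ) ? (array) $_POST['checked'] : array();
 // Do not deactivate plugins which are already deactivated.
@@ -205,7 +205,7 @@ if ( $action ) {
 if ( ! current_user_can('delete_plugins') )
 wp_die(__('You do not have sufficient permissions to delete plugins for this site.'));
 
-check_admin_referer('bulk-plugins');
+check_admin_referer( 'bulk-plugins', '_wpnonce-bulk-plugins' );
 
 //$_POST = from the plugin form; $_GET = from the FTP details screen.
 $plugins = isset( $_REQUEST['checked'] ) ? (array) $_REQUEST['checked'] : array();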
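Review bot: The `update-selected` and `delete-selected` cases (second and fourth hunks) also accept their plugin list from `$_GET`, and the comment on line 210 says that leg comes from the FTP details screen; a nonce carried in a GET request means a URL built with `wp_nonce_url()`, whose signature in this patch's wp-includes/functions.php hunk (`wp_nonce_url( $actionurl, $action = -1 )`) has no name parameter and only ever emits `_wpnonce`. If those URLs were not rewritten by hand, the second leg of a bulk delete or update now dies at `check_admin_referer( 'bulk-plugins', '_wpnonce-bulk-plugins' )` before the capability-gated work runs. Confirm the producers, or leave these two cases on the default key with `// Reached via wp_nonce_url(); nonce arrives as _wpnonce.`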
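diff --git a/wp-admin/post.php b/wp-admin/post.php
index c638c18..f777bfd 100644
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -100,7 +100,7 @@ case 'postajaxpost':
 case 'post':
 case 'post-quickpress-publish':
 case 'post-quickpress-save':
-check_admin_referer('add-' . $post_type);
+check_admin_referer( 'add-' . $post_type, '_wpnonce-add-' . $post_type );
 
 if ( 'post-quickpress-publish' == $action )
 $_POST['publish'] = 'publish'; // tell write_post() to publish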
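Review bot: `'_wpnonce-add-' . $post_type` is emitted only by the quick-press form in wp-admin/includes/dashboard.php (literal `_wpnonce-add-post`, with a hidden `post_type` of `post`), whereas the full editor in wp-admin/edit-form-advanced.php posts to post.php with its nonce under `edit_form_advanced_nonce`; if `$form_action` there can be `post` for a new post, that submission now fails this check. The enclosing `switch` starts outside the hunk and I cannot see which forms reach each case, so this is inferred from the two producers visible in the patch. Either make the editor emit the same `'_wpnonce-add-' . $post_type` name or have this case verify whichever key is present, and document the pairing: `// Nonce key must match dashboard.php quick press (and the editor form, if it reaches this case).`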
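diff --git a/wp-admin/update.php b/wp-admin/update.php
index 687142e..822c6c7 100644
--- a/wp-admin/update.php
+++ b/wp-admin/update.php
@@ -23,7 +23,7 @@ if ( isset($_GET['action']) ) {
 if ( ! current_user_can( 'update_plugins' ) )
 wp_die( __( 'You do not have sufficient permissions to update plugins for this site.' ) );
 
-check_admin_referer( 'bulk-update-plugins' );
+check_admin_referer( 'bulk-update-plugins', '_wpnonce-bulk-update-plugins' );
 
 if ( isset( $_GET['plugins'] ) )
 $plugins = explode( ',', stripslashes($_GET['plugins']) );
@@ -170,7 +170,7 @@ if ( isset($_GET['action']) ) {
 if ( ! current_user_can( 'update_themes' ) )
 wp_die( __( 'You do not have sufficient permissions to update themes for this site.' ) );
 
-check_admin_referer( 'bulk-update-themes' );
+check_admin_referer( 'bulk-update-themes', '_wpnonce-bulk-update-themes' );
 
 if ( isset( $_GET['themes'] ) )
 $themes = explode( ',', stripslashes($_GET['themes']) );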
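Review bot: Both hunks now require the nonce under `_wpnonce-bulk-update-plugins` / `_wpnonce-bulk-update-themes`, yet these requests are dispatched on `$_GET['action']` and read `$_GET['plugins']` / `$_GET['themes']` on the lines below each check, i.e. they arrive via a URL built with `wp_nonce_url()`, whose signature in this same patch (`wp_nonce_url( $actionurl, $action = -1 )` at wp-includes/functions.php) has no name parameter and always appends `_wpnonce`. Unless every URL that targets these two actions was changed by hand to append the new key, both checks will fail for every bulk update. Either add a `$name` parameter to `wp_nonce_url()` and pass it where these URLs are built, or leave these two calls on the default key and say so: `// Nonce arrives via wp_nonce_url(), which only emits _wpnonce.` No `wp_nonce_field()` for either action appears anywhere in the patch, which supports the URL-only reading but I cannot rule out a producer outside the diff.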
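diff --git a/wp-admin/upload.php b/wp-admin/upload.php
index 7d50d52..a05af95 100644
--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -19,7 +19,7 @@ $pagenum = $wp_list_table->get_pagenum();
 $doaction = $wp_list_table->current_action();
 
 if ( $doaction ) {
-check_admin_referer('bulk-media');
+check_admin_referer( 'bulk-media', '_wpnonce-bulk-media' );
 
 if ( 'delete_all' == $doaction ) {
 $post_ids = $wpdb->get_col( "SELECT ID FROM $wpdb->posts WHERE post_type='attachment' AND post_status = 'trash'" );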
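diff --git a/wp-admin/users.php b/wp-admin/users.php
index 6ea1765..b9db4b9 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -95,7 +95,7 @@ switch ( $wp_list_table->current_action() ) {
 
 /* Bulk Dropdown menu Role changes */
 case 'promote':
-check_admin_referer('bulk-users');
+check_admin_referer( 'bulk-users', '_wpnonce-bulk-users' );
 
 if ( ! current_user_can( 'promote_users' ) )
 wp_die( __( 'You can&#8217;t edit that user.' ) );
@@ -191,7 +191,7 @@ case 'delete':
 if ( is_multisite() )
 wp_die( __('User deletion is not allowed from this screen.') );
 
-check_admin_referer('bulk-users');
+check_admin_referer( 'bulk-users', '_wpnonce-bulk-users' );
 
 if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
 wp_redirect($redirect);
@@ -295,7 +295,7 @@ break;
 
 case 'remove':
 
-check_admin_referer('bulk-users');
+check_admin_referer( 'bulk-users', '_wpnonce-bulk-users' );
 
 if ( ! is_multisite() )
 wp_die( __( 'You can&#8217;t remove users.' ) );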
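diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index a41d32f..8fda660 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1191,6 +1191,9 @@ function wp_nonce_url( $actionurl, $action = -1 ) {
 * @return string Nonce field.
 */
 function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) {
+if ( 1 >= func_num_args() )
+_doing_it_wrong( __METHOD__, __( 'The action and name parameters are now required.' ), '3.6' );
+
 $name = esc_attr( $name );
 $nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />';
 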
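Review bot: `__METHOD__` resolves to the bare function name outside a class, so the call works, but `_doing_it_wrong()` is conventionally passed `__FUNCTION__` for plain functions: `_doing_it_wrong( __FUNCTION__, __( 'The action and name parameters are now required.' ), '3.6' );`. The message says both parameters are required while the signature keeps `$action = -1` and `$name = "_wpnonce"`, so a caller that omits `$name` still gets a working `_wpnonce` field and only sees a notice under WP_DEBUG; the docblock above the hunk (only its `@return` line is visible) should state that `$name` must be supplied and why each form needs a distinct request key, with an `@since 3.6` note for the deprecation. `wp_nonce_url()` on the context line still has no `$name` parameter, which leaves every URL-carried nonce on the default key while this patch moves the form-based verifiers off it.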
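diff --git a/wp-includes/js/autosave.js b/wp-includes/js/autosave.js
index 3920d36..9077f67 100644
--- a/wp-includes/js/autosave.js
+++ b/wp-includes/js/autosave.js
@@ -61,7 +61,7 @@ jQuery(document).ready( function($) {
 async: false,
 data: {
 action: 'wp-remove-post-lock',
-_wpnonce: $('#_wpnonce').val(),
+_wpnonce: $('input[name="edit_form_advanced_nonce"]').val(),
 post_ID: $('#post_ID').val(),
 active_post_lock: $('#active_post_lock').val()
 }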
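Review bot: The selector now hard-codes the PHP-side field name from wp-admin/edit-form-advanced.php, while the neighbouring lines select their inputs by id (`#post_ID`, `#active_post_lock`); `wp_nonce_field()` also emits `id="edit_form_advanced_nonce"`, so `$('#edit_form_advanced_nonce').val()` would be consistent and cheaper than the attribute selector, unless the id is deliberately avoided for a reason not visible here. The value is still posted under `_wpnonce`, so the `wp-remove-post-lock` handler keeps reading the default key and only the page-side name changed. A comment tying the two names together would keep the coupling visible: `// field name is set by wp_nonce_field() in edit-form-advanced.php`.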