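--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -191,7 +191,7 @@ if ( $comment->comment_approved != '0' ) { // if not unapproved
 </tr>
 </table>
 
-<?php wp_nonce_field( $nonce_action ); ?>
+<?php wp_nonce_field( array( 'action' => $nonce_action ) ); ?>
 <input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' />
 <input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' />
 <input type='hidden' name='noredir' value='1' />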
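Review bot: The array-argument form of wp_nonce_field() that this and every other hunk now calls is not part of the patch, so nothing here shows whether the positional signature `wp_nonce_field( $action, $name, $referer, $echo )` is still accepted; third-party plugins call that form, and if the new implementation only understands an array those forms would silently lose their CSRF field or fatal. The conversion at line 194 itself is correct for the single-argument case. I would state the compatibility contract once, at the function's docblock or at this first call site, e.g. `// array form; the positional ( $action, $name, $referer, $echo ) signature remains supported`, after confirming that is true. The enclosing form markup starts before the hunk.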
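--- a/wp-admin/custom-background.php
+++ b/wp-admin/custom-background.php
@@ -223,7 +223,8 @@ if ( get_background_image() ) {
 <th scope="row"><?php _e('Remove Image'); ?></th>
 <td>
 <form method="post" action="">
-<?php wp_nonce_field('custom-background-remove', '_wpnonce-custom-background-remove'); ?>
+<?php wp_nonce_field( array( 'action' => 'custom-background-remove',
+'name' => '_wpnonce-custom-background-remove' ) ); ?>
 <?php submit_button( __( 'Remove Background Image' ), 'button', 'remove-background', false ); ?><br/>
 <?php _e('This will remove the background image. You will not be able to restore any customizations.') ?>
 </form>
@@ -237,7 +238,8 @@ if ( get_background_image() ) {
 <th scope="row"><?php _e('Restore Original Image'); ?></th>
 <td>
 <form method="post" action="">
-<?php wp_nonce_field('custom-background-reset', '_wpnonce-custom-background-reset'); ?>
+<?php wp_nonce_field( array( 'action' => 'custom-background-reset',
+'name' => '_wpnonce-custom-background-reset' ) ); ?>
 <?php submit_button( __( 'Restore Original Image' ), 'button', 'reset-background', false ); ?><br/>
 <?php _e('This will restore the original background image. You will not be able to restore any customizations.') ?>
 </form>
@@ -252,7 +254,8 @@ if ( get_background_image() ) {
 <label for="upload"><?php _e( 'Choose an image from your computer:' ); ?></label><br />
 <input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
-<?php wp_nonce_field( 'custom-background-upload', '_wpnonce-custom-background-upload' ); ?>
+<?php wp_nonce_field( array( 'action' => 'custom-background-upload',
+'name' => '_wpnonce-custom-background-upload' ) ); ?>
 <?php submit_button( __( 'Upload' ), 'button', 'submit', false ); ?>
 </p>
 <p>
@@ -328,7 +331,7 @@ if ( current_theme_supports( 'custom-background', 'default-color' ) )
 </tbody>
 </table>
 
-<?php wp_nonce_field('custom-background'); ?>
+<?php wp_nonce_field( array( 'action' => 'custom-background' ) ); ?>
 <?php submit_button( null, 'primary', 'save-background-options' ); ?>
 </form>
 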
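--- a/wp-admin/custom-header.php
+++ b/wp-admin/custom-header.php
@@ -517,7 +517,8 @@ class Custom_Image_Header {
 <label for="upload"><?php _e( 'Choose an image from your computer:' ); ?></label><br />
 <input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
-<?php wp_nonce_field( 'custom-header-upload', '_wpnonce-custom-header-upload' ); ?>
+<?php wp_nonce_field( array( 'action' => 'custom-header-upload',
+'name' => '_wpnonce-custom-header-upload' ) ); ?>
 <?php submit_button( __( 'Upload' ), 'button', 'submit', false ); ?>
 </p>
 <?php
@@ -632,7 +633,8 @@ if ( current_theme_supports( 'custom-header', 'default-text-color' ) ) {
 
 do_action( 'custom_header_options' );
 
-wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>
+wp_nonce_field( array( 'action' => 'custom-header-options',
+'name' => '_wpnonce-custom-header-options' ) ); ?>
 
 <?php submit_button( null, 'primary', 'save-header-options' ); ?>
 </form>
@@ -726,7 +728,7 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>
 <?php if ( empty( $_POST ) && isset( $_GET['file'] ) ) { ?>
 <input type="hidden" name="create-new-attachment" value="true" />
 <?php } ?>
-<?php wp_nonce_field( 'custom-header-crop-image' ) ?>
+<?php wp_nonce_field( array( 'action' => 'custom-header-crop-image' ) ); ?>
 
 <p class="submit">
 <?php submit_button( __( 'Crop and Publish' ), 'primary', 'submit', false ); ?>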
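--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -297,7 +297,7 @@ if ( isset( $post_new_file ) && current_user_can( $post_type_object->cap->create
 <div id="message" class="updated"><p><?php echo $message; ?></p></div>
 <?php endif; ?>
 <form name="post" action="post.php" method="post" id="post"<?php do_action('post_edit_form_tag'); ?>>
-<?php wp_nonce_field($nonce_action); ?>
+<?php wp_nonce_field( array( 'action' => $nonce_action ) ); ?>
 <input type="hidden" id="user-id" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" id="hiddenaction" name="action" value="<?php echo esc_attr( $form_action ) ?>" />
 <input type="hidden" id="originalaction" name="originalaction" value="<?php echo esc_attr( $form_action ) ?>" />
@@ -314,9 +314,17 @@ if ( 'draft' != get_post_status( $post ) )
 
 echo $form_extra;
 
-wp_nonce_field( 'autosave', 'autosavenonce', false );
-wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false );
-wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
+wp_nonce_field( array( 'action' => 'autosave',
+'name' => 'autosavenonce',
+'id' => 'autosavenonce',
+'referrer' => false ) );
+wp_nonce_field( array( 'action' => 'meta-box-order',
+'name' => 'meta-box-order-nonce',
+'referrer' => false ) );
+wp_nonce_field( array( 'action' => 'closedpostboxes',
+'name' => 'closedpostboxesnonce',
+'id' => 'closedpostboxesnonce',
+'referrer' => false ) );
 ?>
 
 <div id="poststuff">
@@ -348,7 +356,10 @@ if ( $post_type_object->public && ! ( 'pending' == get_post_status( $post ) && !
 ?>
 </div>
 <?php
-wp_nonce_field( 'samplepermalink', 'samplepermalinknonce', false );
+wp_nonce_field( array( 'action' => 'samplepermalink',
+'name' => 'samplepermalinknonce',
+'id' => 'samplepermalinknonce',
+'referrer' => false ) );
 ?>
 </div><!-- /titlediv -->
 <?php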
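Review bot: In the second hunk the autosave and closedpostboxes nonces keep an explicit `'id'` while meta-box-order-nonce loses its, and the third hunk keeps one for samplepermalinknonce, with nothing in the code saying why the policy differs; the point of the name-based selectors introduced elsewhere in this patch is that an id collides as soon as the same nonce is rendered twice on a screen. Presumably the retained ids are still read as `#autosavenonce` / `#samplepermalinknonce` by scripts not touched here, but that cannot be confirmed from the hunk. Each retained id should carry a short justification, e.g. `'id' => 'autosavenonce', // still selected by id in autosave.js; drop once it reads input[name=…]`, or be removed for consistency if no consumer needs it. The enclosing PHP block begins before the hunk.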
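--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -11,7 +11,7 @@ if ( !defined('ABSPATH') )
 die('-1');
 ?>
 <form name="post" action="comment.php" method="post" id="post">
-<?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
+<?php wp_nonce_field( array( 'action' => 'update-comment_' . $comment->comment_ID, 'id' => '_wpnonce' ) ); ?>
 <div class="wrap">
 <?php screen_icon(); ?>
 <h2><?php _e('Edit Comment'); ?></h2>
@@ -62,10 +62,14 @@ if ( !defined('ABSPATH') )
 </div>
 
 <div id="postdiv" class="postarea">
-<?php
+<?php
 $quicktags_settings = array( 'buttons' => 'strong,em,link,block,del,ins,img,ul,ol,li,code,spell,close' );
 wp_editor( $comment->comment_content, 'content', array( 'media_buttons' => false, 'tinymce' => false, 'quicktags' => $quicktags_settings ) );
-wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false ); ?>
+wp_nonce_field( array( 'action' => 'closedpostboxes',
+'name' => 'closedpostboxesnonce',
+'id' => 'closedpostboxesnonce',
+'referrer' => false ) );
+?>
 </div>
 </div><!-- /post-body-content -->
 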
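Review bot: Line 14 is the only call in this patch where a default-named `_wpnonce` field explicitly keeps `'id' => '_wpnonce'`, and no comment explains what depends on that id; every other `_wpnonce` conversion (comment.php, edit-tag-form.php, the list tables) drops it. If a script on the comment-edit screen still selects `#_wpnonce`, say so next to the call, e.g. `// id kept: comment-edit JS still reads #_wpnonce`; if nothing does, remove the `'id'` entry so this form matches the rest. The whitespace-only change at line 65 is noise that makes the second hunk larger than it needs to be.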
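--- a/wp-admin/edit-link-form.php
+++ b/wp-admin/edit-link-form.php
@@ -71,9 +71,14 @@ if ( !empty($form) )
 if ( !empty($link_added) )
 echo $link_added;
 
-wp_nonce_field( $nonce_action );
-wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
-wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false ); ?>
+wp_nonce_field( array( 'action' => $nonce_action ) );
+wp_nonce_field( array( 'action' => 'closedpostboxes',
+'name' => 'closedpostboxesnonce',
+'id' => 'closedpostboxesnonce',
+'referrer' => false ) );
+wp_nonce_field( array( 'action' => 'meta-box-order',
+'name' => 'meta-box-order-nonce',
+'referrer' => false ) ); ?>
 
 <div id="poststuff">
 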
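--- a/wp-admin/edit-tag-form.php
+++ b/wp-admin/edit-tag-form.php
@@ -34,7 +34,7 @@ do_action($taxonomy . '_pre_edit_form', $tag, $taxonomy); ?>
 <input type="hidden" name="action" value="editedtag" />
 <input type="hidden" name="tag_ID" value="<?php echo esc_attr($tag->term_id) ?>" />
 <input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy) ?>" />
-<?php wp_original_referer_field(true, 'previous'); wp_nonce_field('update-tag_' . $tag_ID); ?>
+<?php wp_original_referer_field(true, 'previous'); wp_nonce_field( array( 'action' => 'update-tag_' . $tag_ID ) ); ?>
 <table class="form-table">
 <tr class="form-field form-required">
 <th scope="row" valign="top"><label for="name"><?php _ex('Name', 'Taxonomy Name'); ?></label></th>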
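--- a/wp-admin/edit-tags.php
+++ b/wp-admin/edit-tags.php
@@ -354,7 +354,8 @@ if ( current_user_can($tax->cap->edit_terms) ) {
 <input type="hidden" name="screen" value="<?php echo esc_attr($current_screen->id); ?>" />
 <input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy); ?>" />
 <input type="hidden" name="post_type" value="<?php echo esc_attr($post_type); ?>" />
-<?php wp_nonce_field('add-tag', '_wpnonce_add-tag'); ?>
+<?php wp_nonce_field( array( 'action' => 'add-tag',
+'name' => '_wpnonce_add-tag' ) ); ?>
 
 <div class="form-field form-required">
 <label for="tag-name"><?php _ex('Name', 'Taxonomy Name'); ?></label>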
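--- a/wp-admin/includes/class-wp-comments-list-table.php
+++ b/wp-admin/includes/class-wp-comments-list-table.php
@@ -231,7 +231,6 @@ class WP_Comments_List_Table extends WP_List_Table {
 }
 
 if ( ( 'spam' == $comment_status || 'trash' == $comment_status ) && current_user_can( 'moderate_comments' ) ) {
-wp_nonce_field( 'bulk-destroy', '_destroy_nonce' );
 $title = ( 'spam' == $comment_status ) ? esc_attr__( 'Empty Spam' ) : esc_attr__( 'Empty Trash' );
 submit_button( $title, 'apply', 'delete_all', false );
 }
@@ -273,7 +272,8 @@ class WP_Comments_List_Table extends WP_List_Table {
 function display() {
 extract( $this->_args );
 
-wp_nonce_field( "fetch-list-" . get_class( $this ), '_ajax_fetch_list_nonce' );
+wp_nonce_field( array( 'action' => 'fetch-list-' . get_class( $this ),
+'name' => '_ajax_fetch_list_nonce' ) );
 
 $this->display_tablenav( 'top' );
 
@@ -549,7 +549,8 @@ class WP_Post_Comments_List_Table extends WP_Comments_List_Table {
 function display( $output_empty = false ) {
 extract( $this->_args );
 
-wp_nonce_field( "fetch-list-" . get_class( $this ), '_ajax_fetch_list_nonce' );
+wp_nonce_field( array( 'action' => 'fetch-list-' . get_class( $this ),
+'name' => '_ajax_fetch_list_nonce' ) );
 ?>
 <table class="<?php echo implode( ' ', $this->get_table_classes() ); ?>" cellspacing="0" style="display:none;">
 <tbody id="the-comment-list"<?php if ( $singular ) echo " data-wp-lists='list:$singular'"; ?>>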
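Review bot: The first hunk deletes the `bulk-destroy` / `_destroy_nonce` field from the Empty Spam / Empty Trash button without adding anything in its place, which is the only pure removal of a CSRF token in this patch and the commit gives no reason for it. This is safe only if the `delete_all` handler in edit-comments.php already verifies the form-wide `bulk-comments` nonce that display_tablenav() emits (see the class-wp-list-table.php hunk) rather than `check_admin_referer( 'bulk-destroy', '_destroy_nonce' )`; that handler is not in the patch, so I cannot tell which. If the handler still checks `_destroy_nonce`, emptying spam/trash fails closed after this change; if it checked nothing else, this would remove the button's CSRF protection. Please confirm the handler and record it at the removal site, e.g. `// delete_all is covered by the bulk-comments nonce from display_tablenav()`; the enclosing method starts before the hunk.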
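--- a/wp-admin/includes/class-wp-list-table.php
+++ b/wp-admin/includes/class-wp-list-table.php
@@ -760,7 +760,7 @@ class WP_List_Table {
 */
 function display_tablenav( $which ) {
 if ( 'top' == $which )
-wp_nonce_field( 'bulk-' . $this->_args['plural'] );
+wp_nonce_field( array( 'action' => 'bulk-' . $this->_args['plural'] ) );
 ?>
 <div class="tablenav <?php echo esc_attr( $which ); ?>">
 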
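--- a/wp-admin/includes/class-wp-posts-list-table.php
+++ b/wp-admin/includes/class-wp-posts-list-table.php
@@ -1037,7 +1037,9 @@ class WP_Posts_List_Table extends WP_List_Table {
 <p class="submit inline-edit-save">
 <a accesskey="c" href="#inline-edit" title="<?php esc_attr_e( 'Cancel' ); ?>" class="button-secondary cancel alignleft"><?php _e( 'Cancel' ); ?></a>
 <?php if ( ! $bulk ) {
-wp_nonce_field( 'inlineeditnonce', '_inline_edit', false );
+wp_nonce_field( array( 'action' => 'inlineeditnonce',
+'name' => '_inline_edit',
+'referrer' => false ) );
 $update_text = __( 'Update' );
 ?>
 <a accesskey="s" href="#inline-edit" title="<?php esc_attr_e( 'Update' ); ?>" class="button-primary save alignright"><?php echo esc_attr( $update_text ); ?></a>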
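Review bot: The rewritten call at lines 1040-1042 drops the `id` that the old positional form gave the `_inline_edit` field, but inline-edit-post.js — the script that submits Quick Edit — is not among the JS files this patch updates, so it is not visible whether it still looks the field up as `#_inline_edit`. If it does, every Quick Edit save will post without a nonce and fail its check. Please confirm that script serializes the form or selects `input[name="_inline_edit"]`, and note it here: `// no id: inline-edit-post.js reads this field by name`. The same applies to the parallel change in class-wp-terms-list-table.php and inline-edit-tax.js; the enclosing method starts before the hunk.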
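--- a/wp-admin/includes/class-wp-terms-list-table.php
+++ b/wp-admin/includes/class-wp-terms-list-table.php
@@ -366,7 +366,9 @@ class WP_Terms_List_Table extends WP_List_Table {
 <a accesskey="s" href="#inline-edit" title="<?php echo esc_attr( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a>
 <span class="spinner"></span>
 <span class="error" style="display:none;"></span>
-<?php wp_nonce_field( 'taxinlineeditnonce', '_inline_edit', false ); ?>
+<?php wp_nonce_field( array( 'action' => 'taxinlineeditnonce',
+'name' => '_inline_edit',
+'referrer' => false ) ); ?>
 <input type="hidden" name="taxonomy" value="<?php echo esc_attr( $this->screen->taxonomy ); ?>" />
 <input type="hidden" name="post_type" value="<?php echo esc_attr( $this->screen->post_type ); ?>" />
 <br class="clear" />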
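--- a/wp-admin/includes/class-wp-theme-install-list-table.php
+++ b/wp-admin/includes/class-wp-theme-install-list-table.php
@@ -127,7 +127,8 @@ class WP_Theme_Install_List_Table extends WP_Themes_List_Table {
 }
 
 function display() {
-wp_nonce_field( "fetch-list-" . get_class( $this ), '_ajax_fetch_list_nonce' );
+wp_nonce_field( array( 'action' => 'fetch-list-' . get_class( $this ),
+'name' => '_ajax_fetch_list_nonce' ) );
 ?>
 <div class="tablenav top themes">
 <div class="alignleft actions">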
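--- a/wp-admin/includes/class-wp-themes-list-table.php
+++ b/wp-admin/includes/class-wp-themes-list-table.php
@@ -98,7 +98,8 @@ class WP_Themes_List_Table extends WP_List_Table {
 }
 
 function display() {
-wp_nonce_field( "fetch-list-" . get_class( $this ), '_ajax_fetch_list_nonce' );
+wp_nonce_field( array( 'action' => 'fetch-list-' . get_class( $this ),
+'name' => '_ajax_fetch_list_nonce' ) );
 ?>
 <?php $this->tablenav( 'top' ); ?>
 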
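--- a/wp-admin/includes/dashboard.php
+++ b/wp-admin/includes/dashboard.php
@@ -183,7 +183,8 @@ function wp_add_dashboard_widget( $widget_id, $widget_name, $callback, $control_
 function _wp_dashboard_control_callback( $dashboard, $meta_box ) {
 echo '<form action="" method="post" class="dashboard-widget-control-form">';
 wp_dashboard_trigger_widget_control( $meta_box['id'] );
-wp_nonce_field( 'edit-dashboard-widget_' . $meta_box['id'], 'dashboard-widget-nonce' );
+wp_nonce_field( array( 'action' => 'edit-dashboard-widget_' . $meta_box['id'],
+'name' => 'dashboard-widget-nonce' ) );
 echo '<input type="hidden" name="widget_id" value="' . esc_attr($meta_box['id']) . '" />';
 submit_button( __('Submit') );
 echo '</form>';
@@ -215,8 +216,13 @@ function wp_dashboard() {
 </div>
 
 <?php
-wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
-wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false );
+wp_nonce_field( array( 'action' => 'closedpostboxes',
+'name' => 'closedpostboxesnonce',
+'id' => 'closedpostboxesnonce',
+'referrer' => false ) );
+wp_nonce_field( array( 'action' => 'meta-box-order',
+'name' => 'meta-box-order-nonce',
+'referrer' => false ) );
 
 }
 
@@ -557,7 +563,7 @@ function wp_dashboard_quick_press() {
 <input type="hidden" name="action" id="quickpost-action" value="post-quickpress-save" />
 <input type="hidden" name="post_ID" value="<?php echo $post_ID; ?>" />
 <input type="hidden" name="post_type" value="post" />
-<?php wp_nonce_field('add-post'); ?>
+<?php wp_nonce_field( array( 'action' => 'add-post' ) ); ?>
 <?php submit_button( __( 'Save Draft' ), 'button', 'save', false, array( 'id' => 'save-post' ) ); ?>
 <input type="reset" value="<?php esc_attr_e( 'Reset' ); ?>" class="button" />
 <br class="clear" />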
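--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -1602,7 +1602,7 @@ function media_upload_type_form($type = 'file', $errors = null, $id = null) {
 <form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="<?php echo $form_class; ?>" id="<?php echo $type; ?>-form">
 <?php submit_button( '', 'hidden', 'save', false ); ?>
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
-<?php wp_nonce_field('media-form'); ?>
+<?php wp_nonce_field( array( 'action' => 'media-form' ) ); ?>
 
 <h3 class="media-title"><?php _e('Add media files from your computer'); ?></h3>
 
@@ -1666,7 +1666,7 @@ function media_upload_type_url_form($type = null, $errors = null, $id = null) {
 
 <form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="<?php echo $form_class; ?>" id="<?php echo $type; ?>-form">
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
-<?php wp_nonce_field('media-form'); ?>
+<?php wp_nonce_field( array( 'action' => 'media-form' ) ); ?>
 
 <h3 class="media-title"><?php _e('Insert media from another website'); ?></h3>
 
@@ -1816,7 +1816,7 @@ jQuery(function($){
 <a href="#" id="clear"><?php _ex('Clear', 'verb'); ?></a>
 </div>
 <form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="<?php echo $form_class; ?>" id="gallery-form">
-<?php wp_nonce_field('media-form'); ?>
+<?php wp_nonce_field( array( 'action' => 'media-form' ) ); ?>
 <?php //media_upload_form( $errors ); ?>
 <table class="widefat" cellspacing="0">
 <thead><tr>
@@ -2057,7 +2057,7 @@ foreach ($arc_result as $arc_row) {
 
 <form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="<?php echo $form_class; ?>" id="library-form">
 
-<?php wp_nonce_field('media-form'); ?>
+<?php wp_nonce_field( array( 'action' => 'media-form' ) ); ?>
 <?php //media_upload_form( $errors ); ?>
 
 <script type="text/javascript">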
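--- a/wp-admin/includes/meta-boxes.php
+++ b/wp-admin/includes/meta-boxes.php
@@ -421,7 +421,9 @@ function post_categories_meta_box( $post, $box ) {
 </label>
 <?php wp_dropdown_categories( array( 'taxonomy' => $taxonomy, 'hide_empty' => 0, 'name' => 'new'.$taxonomy.'_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => '— ' . $tax->labels->parent_item . ' —' ) ); ?>
 <input type="button" id="<?php echo $taxonomy; ?>-add-submit" data-wp-lists="add:<?php echo $taxonomy ?>checklist:<?php echo $taxonomy ?>-add" class="button category-add-submit" value="<?php echo esc_attr( $tax->labels->add_new_item ); ?>" />
-<?php wp_nonce_field( 'add-'.$taxonomy, '_ajax_nonce-add-'.$taxonomy, false ); ?>
+<?php wp_nonce_field( array( 'action' => 'add-'.$taxonomy,
+'name' => '_ajax_nonce-add-'.$taxonomy,
+'referrer' => false ) ); ?>
 <span id="<?php echo $taxonomy; ?>-ajax-response"></span>
 </p>
 </div>
@@ -535,7 +537,9 @@ function post_comment_meta_box_thead($result) {
 function post_comment_meta_box( $post ) {
 global $wpdb;
 
-wp_nonce_field( 'get-comments', 'add_comment_nonce', false );
+wp_nonce_field( array( 'action' => 'get-comments',
+'name' => 'add_comment_nonce',
+'referrer' => false ) );
 ?>
 <p class="hide-if-no-js" id="add-new-comment"><a href="#commentstatusdiv" onclick="commentReply.addcomment(<?php echo $post->ID; ?>);return false;"><?php _e('Add comment'); ?></a></p>
 <?php
@@ -753,7 +757,9 @@ function link_categories_meta_box($link) {
 <label class="screen-reader-text" for="newcat"><?php _e( '+ Add New Category' ); ?></label>
 <input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php esc_attr_e( 'New category name' ); ?>" aria-required="true" />
 <input type="button" id="link-category-add-submit" data-wp-lists="add:categorychecklist:link-category-add" class="button" value="<?php esc_attr_e( 'Add' ); ?>" />
-<?php wp_nonce_field( 'add-link-category', '_ajax_nonce', false ); ?>
+<?php wp_nonce_field( array( 'action' => 'add-link-category',
+'name' => '_ajax_nonce',
+'referrer' => false ) ); ?>
 <span id="category-ajax-response"></span>
 </p>
 </div>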
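--- a/wp-admin/includes/plugin-install.php
+++ b/wp-admin/includes/plugin-install.php
@@ -145,7 +145,7 @@ function install_plugins_upload( $page = 1 ) {
 <h4><?php _e('Install a plugin in .zip format'); ?></h4>
 <p class="install-help"><?php _e('If you have a plugin in a .zip format, you may install it by uploading it here.'); ?></p>
 <form method="post" enctype="multipart/form-data" class="wp-upload-form" action="<?php echo self_admin_url('update.php?action=upload-plugin'); ?>">
-<?php wp_nonce_field( 'plugin-upload'); ?>
+<?php wp_nonce_field( array( 'action' => 'plugin-upload' ) ); ?>
 <label class="screen-reader-text" for="pluginzip"><?php _e('Plugin zip file'); ?></label>
 <input type="file" id="pluginzip" name="pluginzip" />
 <?php submit_button( __( 'Install Now' ), 'button', 'install-plugin-submit', false ); ?>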
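--- a/wp-admin/includes/plugin.php
+++ b/wp-admin/includes/plugin.php
@@ -1759,5 +1759,5 @@ function remove_option_whitelist( $del_options, $options = '' ) {
 function settings_fields($option_group) {
 echo "<input type='hidden' name='option_page' value='" . esc_attr($option_group) . "' />";
 echo '<input type="hidden" name="action" value="update" />';
-wp_nonce_field("$option_group-options");
+wp_nonce_field( array( 'action' => "$option_group-options" ) );
 }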
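--- a/wp-admin/includes/screen.php
+++ b/wp-admin/includes/screen.php
@@ -986,7 +986,9 @@ final class WP_Screen {
 echo $this->_screen_settings;
 
 ?>
-<div><?php wp_nonce_field( 'screen-options-nonce', 'screenoptionnonce', false ); ?></div>
+<div><?php wp_nonce_field( array( 'action' => 'screen-options-nonce',
+'name' => 'screenoptionnonce',
+'referrer' => false ) ); ?></div>
 </form>
 </div>
 <?php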
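--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -374,9 +374,13 @@ function wp_comment_reply($position = '1', $checkbox = false, $mode = 'single',
 <input type="hidden" name="checkbox" id="checkbox" value="<?php echo $checkbox ? 1 : 0; ?>" />
 <input type="hidden" name="mode" id="mode" value="<?php echo esc_attr($mode); ?>" />
 <?php
-wp_nonce_field( 'replyto-comment', '_ajax_nonce-replyto-comment', false );
+wp_nonce_field( array( 'action' => 'replyto-comment',
+'name' => '_ajax_nonce-replyto-comment',
+'referrer' => false ) );
 if ( current_user_can( 'unfiltered_html' ) )
-wp_nonce_field( 'unfiltered-html-comment', '_wp_unfiltered_html_comment', false );
+wp_nonce_field( array( 'action' => 'unfiltered-html-comment',
+'name' => '_wp_unfiltered_html_comment',
+'referrer' => false ) );
 ?>
 <?php if ( $table_row ) : ?>
 </td></tr></tbody></table>
@@ -496,7 +500,9 @@ function _list_meta_row( $entry, &$count ) {
 $r .= "\n\t\t";
 $r .= get_submit_button( __( 'Update' ), 'updatemeta small', "meta-{$entry['meta_id']}-submit", false, array( 'data-wp-lists' => "add:the-list:meta-{$entry['meta_id']}::_ajax_nonce-add-meta=$update_nonce" ) );
 $r .= "</div>";
-$r .= wp_nonce_field( 'change-meta', '_ajax_nonce', false, false );
+$r .= wp_nonce_field( array( 'action' => 'change-meta', // Where is this nonce field actually checked? Doesn't look like it's used anywhere.
+'name' => '_ajax_nonce', 'id' => '_ajax_nonce',
+'referrer' => false, 'echo' => false ) );
 $r .= "</td>";
 
 $r .= "\n\t\t<td><label class='screen-reader-text' for='meta[{$entry['meta_id']}][value]'>" . __( 'Value' ) . "</label><textarea name='meta[{$entry['meta_id']}][value]' id='meta[{$entry['meta_id']}][value]' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>\n\t</tr>";
@@ -558,7 +564,9 @@ function meta_form() {
 <div class="submit">
 <?php submit_button( __( 'Add Custom Field' ), 'secondary', 'addmeta', false, array( 'id' => 'newmeta-submit', 'data-wp-lists' => 'add:the-list:newmeta' ) ); ?>
 </div>
-<?php wp_nonce_field( 'add-meta', '_ajax_nonce-add-meta', false ); ?>
+<?php wp_nonce_field( array( 'action' => 'add-meta',
+'name' => '_ajax_nonce-add-meta',
+'referrer' => false ) ); ?>
 </td></tr>
 </tbody>
 </table>
@@ -1275,7 +1283,9 @@ function find_posts_div($found_action = '') {
 <?php } ?>
 
 <input type="hidden" name="affected" id="affected" value="" />
-<?php wp_nonce_field( 'find-posts', '_ajax_nonce', false ); ?>
+<?php wp_nonce_field( array( 'action' => 'find-posts',
+'name' => '_ajax_nonce',
+'referrer' => false ) ); ?>
 <label class="screen-reader-text" for="find-posts-input"><?php _e( 'Search' ); ?></label>
 <input type="text" id="find-posts-input" name="ps" value="" />
 <span class="spinner"></span>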
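Review bot: The `_list_meta_row()` hunk (line 503) commits an open question — "Where is this nonce field actually checked? Doesn't look like it's used anywhere." — as a code comment, and at the same time pins `'id' => '_ajax_nonce'` on a field that is emitted once per custom-field row (the function takes a single `$entry` and is keyed by `$entry['meta_id']`), so any post with two or more custom fields renders duplicate `id="_ajax_nonce"` elements, exactly the collision the rest of this patch is removing. The question should be answered before merge rather than shipped: if no handler verifies `change-meta`, delete the field; if one does, replace the comment with the fact, e.g. `// verified by check_ajax_referer( 'change-meta', '_ajax_nonce' ) in the meta-save handler`, and drop the `'id'` unless a script demonstrably selects it. The rest of `_list_meta_row()` lies outside the hunk.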
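--- a/wp-admin/includes/theme-install.php
+++ b/wp-admin/includes/theme-install.php
@@ -137,7 +137,7 @@ function install_themes_upload($page = 1) {
 <h4><?php _e('Install a theme in .zip format'); ?></h4>
 <p class="install-help"><?php _e('If you have a theme in a .zip format, you may install it by uploading it here.'); ?></p>
 <form method="post" enctype="multipart/form-data" class="wp-upload-form" action="<?php echo self_admin_url('update.php?action=upload-theme'); ?>">
-<?php wp_nonce_field( 'theme-upload'); ?>
+<?php wp_nonce_field( array( 'action' => 'theme-upload' ) ); ?>
 <input type="file" name="themezip" />
 <?php submit_button( __( 'Install Now' ), 'button', 'install-theme-submit', false ); ?>
 </form>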
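--- a/wp-admin/index.php
+++ b/wp-admin/index.php
@@ -118,7 +118,9 @@ $today = current_time('mysql', 1);
 $classes .= ' hidden'; ?>
 
 <div id="welcome-panel" class="<?php echo esc_attr( $classes ); ?>">
-<?php wp_nonce_field( 'welcome-panel-nonce', 'welcomepanelnonce', false ); ?>
+<?php wp_nonce_field( array( 'action' => 'welcome-panel-nonce',
+'name' => 'welcomepanelnonce',
+'referrer' => false ) ); ?>
 <a class="welcome-panel-close" href="<?php echo esc_url( admin_url( '?welcome=0' ) ); ?>"><?php _e( 'Dismiss' ); ?></a>
 <?php do_action( 'welcome_panel' ); ?>
 </div>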
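--- a/wp-admin/js/common.js
+++ b/wp-admin/js/common.js
@@ -30,7 +30,7 @@ columns = {
 $.post(ajaxurl, {
 action: 'hidden-columns',
 hidden: hidden,
-screenoptionnonce: $('#screenoptionnonce').val(),
+screenoptionnonce: $('input[name="screenoptionnonce"]').val(),
 page: pagenow
 });
 },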
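--- a/wp-admin/js/dashboard.js
+++ b/wp-admin/js/dashboard.js
@@ -8,7 +8,7 @@ jQuery(document).ready( function($) {
 $.post( ajaxurl, {
 action: 'update-welcome-panel',
 visible: visible,
-welcomepanelnonce: $('#welcomepanelnonce').val()
+welcomepanelnonce: $('input[name="welcomepanelnonce"]').val()
 });
 };
 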
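--- a/wp-admin/js/edit-comments.js
+++ b/wp-admin/js/edit-comments.js
@@ -263,7 +263,7 @@ setCommentsList = function() {
 args = $.extend(args, {
 'action': 'fetch-list',
 'list_args': list_args,
-'_ajax_fetch_list_nonce': $('#_ajax_fetch_list_nonce').val()
+'_ajax_fetch_list_nonce': $('input[name="_ajax_fetch_list_nonce"]').val()
 });
 
 $.ajax({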
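--- a/wp-admin/js/media.js
+++ b/wp-admin/js/media.js
@@ -48,7 +48,7 @@ var findPosts;
 var post = {
 ps: $('#find-posts-input').val(),
 action: 'find_posts',
-_ajax_nonce: $('#_ajax_nonce').val()
+_ajax_nonce: $('input[name="_ajax_nonce"]').val()
 },
 spinner = $( '.find-box-search .spinner' );
 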
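Review bot: The new selector on line 51, `$('input[name="_ajax_nonce"]').val()`, returns the value of the first element in the document with that name, and `_ajax_nonce` is a generic name that this very patch gives to fields for different actions (`change-meta` in template.php, `add-link-category` in meta-boxes.php, `find-posts` in find_posts_div). Whether any of those co-occur with the find-posts box on one screen is not visible here, but if one is rendered earlier the request carries a nonce minted for another action and `find_posts` fails its referer check — fail closed, but broken. Scope the lookup to the find-posts container so the field cannot be confused, e.g. `_ajax_nonce: $('#find-posts-input').closest('form, .find-box').find('input[name="_ajax_nonce"]').val()`, adjusting the container selector to whatever find_posts_div() actually wraps the field in. The enclosing function begins before the hunk.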
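--- a/wp-admin/js/nav-menu.js
+++ b/wp-admin/js/nav-menu.js
@@ -466,7 +466,7 @@ var wpNavMenu;
 attachThemeLocationsListeners : function() {
 var loc = $('#nav-menu-theme-locations'), params = {};
 params['action'] = 'menu-locations-save';
-params['menu-settings-column-nonce'] = $('#menu-settings-column-nonce').val();
+params['menu-settings-column-nonce'] = $('input[name="menu-settings-column-nonce"]').val();
 loc.find('input[type="submit"]').click(function() {
 loc.find('select').each(function() {
 params[this.name] = $(this).val();
@@ -510,7 +510,7 @@ var wpNavMenu;
 'action': 'menu-quick-search',
 'response-format': 'markup',
 'menu': $('#menu').val(),
-'menu-settings-column-nonce': $('#menu-settings-column-nonce').val(),
+'menu-settings-column-nonce': $('input[name="menu-settings-column-nonce"]').val(),
 'q': q,
 'type': input.attr('name')
 };
@@ -557,7 +557,7 @@ var wpNavMenu;
 
 addItemToMenu : function(menuItem, processMethod, callback) {
 var menu = $('#menu').val(),
-nonce = $('#menu-settings-column-nonce').val();
+nonce = $('input[name="menu-settings-column-nonce"]').val();
 
 processMethod = processMethod || function(){};
 callback = callback || function(){};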
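diff --git a/wp-admin/js/post.js b/wp-admin/js/post.js
index d08dc4a..b947f6a 100644
--- a/wp-admin/js/post.js
+++ b/wp-admin/js/post.js
@@ -188,7 +188,7 @@ commentsBox = {
 data = {
 'action' : 'get-comments',
 'mode' : 'single',
-'_ajax_nonce' : $('#add_comment_nonce').val(),
+'_ajax_nonce' : $('input[name="add_comment_nonce"]').val(),
 'p' : $('#post_ID').val(),
 'start' : st,
 'number' : num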
-
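diff --git a/wp-admin/js/postbox.js b/wp-admin/js/postbox.js
index 838db5d..e4a9f37 100644
--- a/wp-admin/js/postbox.js
+++ b/wp-admin/js/postbox.js
@@ -121,7 +121,7 @@ var postboxes;
 
 postVars = {
 action: 'meta-box-order',
-_ajax_nonce: $('#meta-box-order-nonce').val(),
+_ajax_nonce: $('input[name="meta-box-order-nonce"]').val(),
 page_columns: page_columns,
 page: page
 }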
-
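diff --git a/wp-admin/js/theme.js b/wp-admin/js/theme.js
index 079c73b..71bdb6d 100644
--- a/wp-admin/js/theme.js
+++ b/wp-admin/js/theme.js
@@ -123,7 +123,7 @@ jQuery( document ).ready( function($) {
 * @uses ajaxurl
 * @uses list_args
 * @uses theme_list_args
-* @uses $('#_ajax_fetch_list_nonce').val()
+* @uses $('input[name="_ajax_fetch_list_nonce"]').val()"
 * */
 var ThemeScroller;
 (function($){
@@ -151,7 +151,7 @@ var ThemeScroller;
 }
 
 // Handle inputs
-this.nonce = $('#_ajax_fetch_list_nonce').val();
+this.nonce = $('input[name="_ajax_fetch_list_nonce"]').val();
 this.nextPage = ( theme_list_args.paged + 1 );
 
 // Cache jQuery selectors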
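Review bot: The rewritten docblock line 126 of the first hunk, `* @uses $('input[name="_ajax_fetch_list_nonce"]').val()"`, carries a stray trailing double quote that the old line did not have; it should read `* @uses $('input[name="_ajax_fetch_list_nonce"]').val()`. It is only a comment, but it misstates the selector for anyone copying it. The `jQuery( document ).ready` wrapper enclosing both hunks starts outside the hunk.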
-
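diff --git a/wp-admin/js/widgets.js b/wp-admin/js/widgets.js
index 87be4dd..7b03f0e 100644
--- a/wp-admin/js/widgets.js
+++ b/wp-admin/js/widgets.js
@@ -180,7 +180,7 @@ wpWidgets = {
 
 var a = {
 action: 'widgets-order',
-savewidgets: $('#_wpnonce_widgets').val(),
+savewidgets: $('input[name="_wpnonce_widgets"]').val(),
 sidebars: []
 };
 
@@ -203,7 +203,7 @@ wpWidgets = {
 
 a = {
 action: 'save-widget',
-savewidgets: $('#_wpnonce_widgets').val(),
+savewidgets: $('input[name="_wpnonce_widgets"]').val(),
 sidebar: sb
 };
 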
-
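diff --git a/wp-admin/media-new.php b/wp-admin/media-new.php
index c6a7ae1..51cb5f5 100644
--- a/wp-admin/media-new.php
+++ b/wp-admin/media-new.php
@@ -76,7 +76,7 @@ if ( get_user_setting('uploader') || isset( $_GET['browser-uploader'] ) )
 var post_id = <?php echo $post_id; ?>, shortform = 3;
 </script>
 <input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />
-<?php wp_nonce_field('media-form'); ?>
+<?php wp_nonce_field( array( 'action' => 'media-form' ) ); ?>
 <div id="media-items" class="hide-if-no-js"></div>
 </form>
 </div>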
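Review bot: The new call `wp_nonce_field( array( 'action' => 'media-form' ) )` on line 79, like every other call site rewritten in this commit, assumes wp_nonce_field now takes an options array, but wp_nonce_field is public API used by third-party plugins with the positional `( $action, $name, $referer, $echo )` form. The functions.php hunk in this commit drops the four `@param` lines from the docblock without the new signature being visible here, so please confirm the implementation still accepts a string `$action` (and the positional `$name`/`$referer`/`$echo`) as a fallback, and document that fallback in the docblock. The `if ( get_user_setting('uploader') ... )` block enclosing this form starts outside the hunk.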
-
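diff --git a/wp-admin/media.php b/wp-admin/media.php
index 15d4323..df46a56 100644
--- a/wp-admin/media.php
+++ b/wp-admin/media.php
@@ -128,7 +128,7 @@ if ( current_user_can( 'upload_files' ) ) { ?>
 <input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo esc_attr($att_id); ?>" />
 <input type="hidden" name="action" value="editattachment" />
 <?php wp_original_referer_field(true, 'previous'); ?>
-<?php wp_nonce_field('media-form'); ?>
+<?php wp_nonce_field( array( 'action' => 'media-form' ) ); ?>
 
 </form>
 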
-
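diff --git a/wp-admin/ms-delete-site.php b/wp-admin/ms-delete-site.php
index 7d772c2..823d5d4 100644
--- a/wp-admin/ms-delete-site.php
+++ b/wp-admin/ms-delete-site.php
@@ -72,7 +72,7 @@ Webmaster
 <p><?php _e( 'Remember, once deleted your site cannot be restored.' ) ?></p>
 
 <form method="post" name="deletedirect">
-<?php wp_nonce_field( 'delete-blog' ) ?>
+<?php wp_nonce_field( array( 'action' => 'delete-blog' ) ); ?>
 <input type="hidden" name="action" value="deleteblog" />
 <p><input id="confirmdelete" type="checkbox" name="confirmdelete" value="1" /> <label for="confirmdelete"><strong><?php printf( __( "I'm sure I want to permanently disable my site, and I am aware I can never get it back or use %s again." ), is_subdomain_install() ? $blog->domain : $blog->domain . $blog->path ); ?></strong></label></p>
 <?php submit_button( __( 'Delete My Site Permanently' ) ); ?>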
-
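diff --git a/wp-admin/my-sites.php b/wp-admin/my-sites.php
index 2ef4ca7..6738c00 100644
--- a/wp-admin/my-sites.php
+++ b/wp-admin/my-sites.php
@@ -111,7 +111,7 @@ else :
 }?>
 </table>
 <input type="hidden" name="action" value="updateblogsettings" />
-<?php wp_nonce_field( 'update-my-sites' ); ?>
+<?php wp_nonce_field( array( 'action' => 'update-my-sites' ) ); ?>
 <?php submit_button(); ?>
 </form>
 <?php endif; ?>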
-
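diff --git a/wp-admin/nav-menus.php b/wp-admin/nav-menus.php
index 361d0f6..99a978a 100644
--- a/wp-admin/nav-menus.php
+++ b/wp-admin/nav-menus.php
@@ -472,7 +472,8 @@ require_once( './admin-header.php' );
 <form id="nav-menu-meta" action="<?php echo admin_url( 'nav-menus.php' ); ?>" class="nav-menu-meta" method="post" enctype="multipart/form-data">
 <input type="hidden" name="menu" id="nav-menu-meta-object-id" value="<?php echo esc_attr( $nav_menu_selected_id ); ?>" />
 <input type="hidden" name="action" value="add-menu-item" />
-<?php wp_nonce_field( 'add-menu_item', 'menu-settings-column-nonce' ); ?>
+<?php wp_nonce_field( array( 'action' => 'add-menu_item',
+'name' => 'menu-settings-column-nonce' ) ); ?>
 <?php do_meta_boxes( 'nav-menus', 'side', null ); ?>
 </form>
 
@@ -564,9 +565,15 @@ require_once( './admin-header.php' );
 </div><!-- END .major-publishing-actions -->
 </div><!-- END #submitpost .submitbox -->
 <?php
-wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
-wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false );
-wp_nonce_field( 'update-nav_menu', 'update-nav-menu-nonce' );
+wp_nonce_field( array( 'action' => 'closedpostboxes',
+'name' => 'closedpostboxesnonce',
+'id' => 'closedpostboxesnonce',
+'referrer' => false ) );
+wp_nonce_field( array( 'action' => 'meta-box-order',
+'name' => 'meta-box-order-nonce',
+'referrer' => false ) );
+wp_nonce_field( array( 'action' => 'update-nav_menu',
+'name' => 'update-nav-menu-nonce' ) );
 ?>
 <input type="hidden" name="action" value="update" />
 <input type="hidden" name="menu" id="menu" value="<?php echo esc_attr( $nav_menu_selected_id ); ?>" />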
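Review bot: The option key `'referrer'` on new lines 571 and 574 is spelled with a double r, while the parameter it replaces was `$referer` and the helper it controls is `wp_referer_field()` (single r); if the new wp_nonce_field ignores unrecognised keys, as option-array functions in this codebase usually do, a caller who writes `'referer' => false` out of habit silently gets the referer field emitted anyway. Either rejecting unknown keys in the implementation or matching the existing `referer` spelling would close that trap; at minimum the docblock should call out the spelling. I cannot see the implementation from this hunk, so treat the silent-ignore part as something to verify.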
-
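diff --git a/wp-admin/network.php b/wp-admin/network.php
index f0651bc..a5113d9 100644
--- a/wp-admin/network.php
+++ b/wp-admin/network.php
@@ -172,7 +172,7 @@ function network_step1( $errors = false ) {
 
 echo '<form method="post" action="">';
 
-wp_nonce_field( 'install-network-1' );
+wp_nonce_field( array( 'action' => 'install-network-1' ) );
 
 $error_codes = array();
 if ( is_wp_error( $errors ) ) {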
-
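diff --git a/wp-admin/network/settings.php b/wp-admin/network/settings.php
index b3a0f89..ff1310b 100644
--- a/wp-admin/network/settings.php
+++ b/wp-admin/network/settings.php
@@ -83,7 +83,7 @@ if ( isset( $_GET['updated'] ) ) {
 <?php screen_icon('options-general'); ?>
 <h2><?php echo esc_html( $title ); ?></h2>
 <form method="post" action="settings.php">
-<?php wp_nonce_field( 'siteoptions' ); ?>
+<?php wp_nonce_field( array( 'action' => 'siteoptions' ) ); ?>
 <h3><?php _e( 'Operational Settings' ); ?></h3>
 <table class="form-table">
 <tr valign="top">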
-
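diff --git a/wp-admin/network/site-info.php b/wp-admin/network/site-info.php
index bcc71f9..b0d2a58 100644
--- a/wp-admin/network/site-info.php
+++ b/wp-admin/network/site-info.php
@@ -118,7 +118,7 @@ if ( ! empty( $messages ) ) {
 echo '<div id="message" class="updated"><p>' . $msg . '</p></div>';
 } ?>
 <form method="post" action="site-info.php?action=update-site">
-<?php wp_nonce_field( 'edit-site' ); ?>
+<?php wp_nonce_field( array( 'action' => 'edit-site' ) ); ?>
 <input type="hidden" name="id" value="<?php echo esc_attr( $id ) ?>" />
 <table class="form-table">
 <tr class="form-field form-required">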
-
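diff --git a/wp-admin/network/site-new.php b/wp-admin/network/site-new.php
index db2e1f7..d71667d 100644
--- a/wp-admin/network/site-new.php
+++ b/wp-admin/network/site-new.php
@@ -120,7 +120,8 @@ if ( ! empty( $messages ) ) {
 echo '<div id="message" class="updated"><p>' . $msg . '</p></div>';
 } ?>
 <form method="post" action="<?php echo network_admin_url('site-new.php?action=add-site'); ?>">
-<?php wp_nonce_field( 'add-blog', '_wpnonce_add-blog' ) ?>
+<?php wp_nonce_field( array( 'action' => 'add-blog',
+'name' => '_wpnonce_add-blog' ) ); ?>
 <table class="form-table">
 <tr class="form-field form-required">
 <th scope="row"><?php _e( 'Site Address' ) ?></th>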
-
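diff --git a/wp-admin/network/site-settings.php b/wp-admin/network/site-settings.php
index f807fcf..1146dab 100644
--- a/wp-admin/network/site-settings.php
+++ b/wp-admin/network/site-settings.php
@@ -108,7 +108,7 @@ if ( ! empty( $messages ) ) {
 echo '<div id="message" class="updated"><p>' . $msg . '</p></div>';
 } ?>
 <form method="post" action="site-settings.php?action=update-site">
-<?php wp_nonce_field( 'edit-site' ); ?>
+<?php wp_nonce_field( array( 'action' => 'edit-site' ) ); ?>
 <input type="hidden" name="id" value="<?php echo esc_attr( $id ) ?>" />
 <table class="form-table">
 <?php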
-
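diff --git a/wp-admin/network/site-users.php b/wp-admin/network/site-users.php
index 2064a76..92be831 100644
--- a/wp-admin/network/site-users.php
+++ b/wp-admin/network/site-users.php
@@ -269,7 +269,8 @@ endif; ?>
 </select></td>
 </tr>
 </table>
-<?php wp_nonce_field( 'add-user', '_wpnonce_add-user' ) ?>
+<?php wp_nonce_field( array( 'action' => 'add-user',
+'name' => '_wpnonce_add-user' ) ); ?>
 <?php submit_button( __( 'Add User' ), 'primary', 'add-user', true, array( 'id' => 'submit-add-existing-user' ) ); ?>
 </form>
 <?php endif; ?>
@@ -303,7 +304,8 @@ endif; ?>
 <td colspan="2"><?php _e( 'Username and password will be mailed to the above email address.' ) ?></td>
 </tr>
 </table>
-<?php wp_nonce_field( 'add-user', '_wpnonce_add-new-user' ) ?>
+<?php wp_nonce_field( array( 'action' => 'add-user',
+'name' => '_wpnonce_add-new-user' ) ); ?>
 <?php submit_button( __( 'Add New User' ), 'primary', 'add-user', true, array( 'id' => 'submit-add-user' ) ); ?>
 </form>
 <?php endif; ?>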
-
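diff --git a/wp-admin/network/sites.php b/wp-admin/network/sites.php
index e9b314d..c572356 100644
--- a/wp-admin/network/sites.php
+++ b/wp-admin/network/sites.php
@@ -78,7 +78,7 @@ if ( isset( $_GET['action'] ) ) {
 <input type="hidden" name="action" value="<?php echo esc_attr( $_GET['action2'] ) ?>" />
 <input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
 <input type="hidden" name="_wp_http_referer" value="<?php echo esc_attr( wp_get_referer() ); ?>" />
-<?php wp_nonce_field( $_GET['action2'], '_wpnonce', false ); ?>
+<?php wp_nonce_field( array( 'action' => $_GET['action2'], 'referrer' => false ) ); ?>
 <p><?php echo esc_html( stripslashes( $_GET['msg'] ) ); ?></p>
 <?php submit_button( __('Confirm'), 'button' ); ?>
 </form>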
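Review bot: The nonce action on the new line 81 is still taken verbatim from the request (`$_GET['action2']`), so this confirmation page will mint a nonce for whatever action string the URL carries, the same value that line 78 echoes into the hidden `action` field. Since the line is being rewritten anyway, validating `action2` once against the known bulk actions before both lines (and bailing with `wp_die()` otherwise) would keep the nonce tied to actions the handler actually implements; how the handler verifies it is outside this hunk. The `if ( isset( $_GET['action'] ) )` block enclosing the form starts outside the hunk.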
-
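diff --git a/wp-admin/network/themes.php b/wp-admin/network/themes.php
index 04840ee..e4a1a9b 100644
--- a/wp-admin/network/themes.php
+++ b/wp-admin/network/themes.php
@@ -154,7 +154,7 @@ if ( $action ) {
 foreach ( (array) $themes as $theme )
 echo '<input type="hidden" name="checked[]" value="' . esc_attr($theme) . '" />';
 ?>
-<?php wp_nonce_field('bulk-themes') ?>
+<?php wp_nonce_field( array( 'action' => 'bulk-themes' ) ); ?>
 <?php submit_button( _n( 'Yes, Delete this theme', 'Yes, Delete these themes', $themes_to_delete ), 'button', 'submit', false ); ?>
 </form>
 <form method="post" action="<?php echo esc_url(wp_get_referer()); ?>" style="display:inline;">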
-
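diff --git a/wp-admin/network/user-new.php b/wp-admin/network/user-new.php
index 2044914..050d758 100644
--- a/wp-admin/network/user-new.php
+++ b/wp-admin/network/user-new.php
@@ -99,7 +99,8 @@ if ( isset( $add_user_errors ) && is_wp_error( $add_user_errors ) ) { ?>
 <td colspan="2"><?php _e( 'Username and password will be mailed to the above email address.' ) ?></td>
 </tr>
 </table>
-<?php wp_nonce_field( 'add-user', '_wpnonce_add-user' ) ?>
+<?php wp_nonce_field( array( 'action' => 'add-user',
+'name' => '_wpnonce_add-user' ) ); ?>
 <?php submit_button( __('Add User'), 'primary', 'add-user' ); ?>
 </form>
 </div>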
-
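diff --git a/wp-admin/network/users.php b/wp-admin/network/users.php
index 1318355..fe5aaca 100644
--- a/wp-admin/network/users.php
+++ b/wp-admin/network/users.php
@@ -28,7 +28,7 @@ function confirm_delete_users( $users ) {
 <form action="users.php?action=dodelete" method="post">
 <input type="hidden" name="dodelete" />
 <?php
-wp_nonce_field( 'ms-users-delete' );
+wp_nonce_field( array( 'action' => 'ms-users-delete' ) );
 $site_admins = get_super_admins();
 $admin_out = "<option value='$current_user->ID'>$current_user->user_login</option>";
 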
-
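diff --git a/wp-admin/options-permalink.php b/wp-admin/options-permalink.php
index 906361e..704f954 100644
--- a/wp-admin/options-permalink.php
+++ b/wp-admin/options-permalink.php
@@ -169,7 +169,7 @@ if ( ! is_multisite() ) {
 <h2><?php echo esc_html( $title ); ?></h2>
 
 <form name="form" action="options-permalink.php" method="post">
-<?php wp_nonce_field('update-permalink') ?>
+<?php wp_nonce_field( array( 'action' => 'update-permalink' ) ); ?>
 
 <p><?php _e('By default WordPress uses web <abbr title="Universal Resource Locator">URL</abbr>s which have question marks and lots of numbers in them, however WordPress offers you the ability to create a custom URL structure for your permalinks and archives. This can improve the aesthetics, usability, and forward-compatibility of your links. A <a href="http://codex.wordpress.org/Using_Permalinks">number of tags are available</a>, and here are some examples to get you started.'); ?></p>
 
@@ -255,14 +255,14 @@ printf( __('If you like, you may enter custom structures for your category and t
 if ( file_exists($home_path . 'web.config') ) : ?>
 <p><?php _e('If your <code>web.config</code> file were <a href="http://codex.wordpress.org/Changing_File_Permissions">writable</a>, we could do this automatically, but it isn’t so this is the url rewrite rule you should have in your <code>web.config</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all. Then insert this rule inside of the <code>/<configuration>/<system.webServer>/<rewrite>/<rules></code> element in <code>web.config</code> file.') ?></p>
 <form action="options-permalink.php" method="post">
-<?php wp_nonce_field('update-permalink') ?>
+<?php wp_nonce_field( array( 'action' => 'update-permalink' ) ); ?>
 <p><textarea rows="9" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_textarea( $wp_rewrite->iis7_url_rewrite_rules() ); ?></textarea></p>
 </form>
 <p><?php _e('If you temporarily make your <code>web.config</code> file writable for us to generate rewrite rules automatically, do not forget to revert the permissions after rule has been saved.') ?></p>
 <?php else : ?>
 <p><?php _e('If the root directory of your site were <a href="http://codex.wordpress.org/Changing_File_Permissions">writable</a>, we could do this automatically, but it isn’t so this is the url rewrite rule you should have in your <code>web.config</code> file. Create a new file, called <code>web.config</code> in the root directory of your site. Click in the field and press <kbd>CTRL + a</kbd> to select all. Then insert this code into the <code>web.config</code> file.') ?></p>
 <form action="options-permalink.php" method="post">
-<?php wp_nonce_field('update-permalink') ?>
+<?php wp_nonce_field( array( 'action' => 'update-permalink' ) ); ?>
 <p><textarea rows="18" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_textarea( $wp_rewrite->iis7_url_rewrite_rules(true) ); ?></textarea></p>
 </form>
 <p><?php _e('If you temporarily make your site’s root directory writable for us to generate the <code>web.config</code> file automatically, do not forget to revert the permissions after the file has been created.') ?></p>
@@ -272,7 +272,7 @@ printf( __('If you like, you may enter custom structures for your category and t
 if ( $permalink_structure && ! $usingpi && ! $writable ) : ?>
 <p><?php _e('If your <code>.htaccess</code> file were <a href="http://codex.wordpress.org/Changing_File_Permissions">writable</a>, we could do this automatically, but it isn’t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p>
 <form action="options-permalink.php" method="post">
-<?php wp_nonce_field('update-permalink') ?>
+<?php wp_nonce_field( array( 'action' => 'update-permalink' ) ); ?>
 <p><textarea rows="6" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_textarea( $wp_rewrite->mod_rewrite_rules() ); ?></textarea></p>
 </form>
 <?php endif; ?>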
-
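diff --git a/wp-admin/options.php b/wp-admin/options.php
index 92ae917..fb0a3e6 100644
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -178,7 +178,7 @@ include('./admin-header.php'); ?>
 <?php screen_icon(); ?>
 <h2><?php esc_html_e('All Settings'); ?></h2>
 <form name="form" action="options.php" method="post" id="all-options">
-<?php wp_nonce_field('options-options') ?>
+<?php wp_nonce_field( array( 'action' => 'options-options' ) ); ?>
 <input type="hidden" name="action" value="update" />
 <input type='hidden' name='option_page' value='options' />
 <table class="form-table">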
-
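diff --git a/wp-admin/plugin-editor.php b/wp-admin/plugin-editor.php
index 3ab0225..65ae4b0 100644
--- a/wp-admin/plugin-editor.php
+++ b/wp-admin/plugin-editor.php
@@ -226,7 +226,7 @@ foreach ( $plugin_files as $plugin_file ) :
 </ul>
 </div>
 <form name="template" id="template" action="plugin-editor.php" method="post">
-<?php wp_nonce_field('edit-plugin_' . $file) ?>
+<?php wp_nonce_field( array( 'action' => 'edit-plugin_' . $file ) ); ?>
 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" aria-describedby="newcontent-description"><?php echo $content; ?></textarea>
 <input type="hidden" name="action" value="update" />
 <input type="hidden" name="file" value="<?php echo esc_attr($file) ?>" />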
-
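diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index 7fc3036..a46fd92 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -294,7 +294,7 @@ if ( $action ) {
 foreach ( (array) $plugins as $plugin )
 echo '<input type="hidden" name="checked[]" value="' . esc_attr($plugin) . '" />';
 ?>
-<?php wp_nonce_field('bulk-plugins') ?>
+<?php wp_nonce_field( array( 'action' => 'bulk-plugins' ) ); ?>
 <?php submit_button( $data_to_delete ? __( 'Yes, Delete these files and data' ) : __( 'Yes, Delete these files' ), 'button', 'submit', false ); ?>
 </form>
 <form method="post" action="<?php echo esc_url(wp_get_referer()); ?>" style="display:inline;">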
-
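diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php
index 6542fa3..cbda889 100644
--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -444,7 +444,7 @@ $admin_body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace(
 <div id="poststuff" class="metabox-holder">
 <div id="side-sortables" class="press-this-sidebar">
 <div class="sleeve">
-<?php wp_nonce_field('press-this') ?>
+<?php wp_nonce_field( array( 'action' => 'press-this' ) ); ?>
 <input type="hidden" name="post_type" id="post_type" value="text"/>
 <input type="hidden" name="autosave" id="autosave" />
 <input type="hidden" id="original_post_status" name="original_post_status" value="draft" />
@@ -529,7 +529,9 @@ $admin_body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace(
 </label>
 <?php wp_dropdown_categories( array( 'taxonomy' => 'category', 'hide_empty' => 0, 'name' => 'newcategory_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => '— ' . $tax->labels->parent_item . ' —' ) ); ?>
 <input type="button" id="category-add-submit" data-wp-lists="add:categorychecklist:category-add" class="button category-add-submit" value="<?php echo esc_attr( $tax->labels->add_new_item ); ?>" />
-<?php wp_nonce_field( 'add-category', '_ajax_nonce-add-category', false ); ?>
+<?php wp_nonce_field( array( 'action' => 'add-category',
+'name' => '_ajax_nonce-add-category',
+'referrer' => false ) ); ?>
 <span id="category-ajax-response"></span>
 </p>
 </div>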
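Review bot: The `_ajax_nonce-add-category` field on new lines 532-534 is rendered without an `'id'`, whereas the old call gave the element an id equal to its name; the `data-wp-lists="add:categorychecklist:category-add"` button on line 531 hands category creation to wp-lists.js, which is not touched by this commit and, as far as I recall, locates the nonce by element id (`#_ajax_nonce-add-` + list name). If that is still how it works, this field needs `'id' => '_ajax_nonce-add-category'` the way the `closedpostboxes` field in nav-menus.php keeps its id, or adding a category from Press This fails nonce verification. The same check applies to every field in this commit whose id was dropped and that a script not updated here selects by `#name`. The enclosing markup block starts outside the hunk.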
-
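diff --git a/wp-admin/theme-editor.php b/wp-admin/theme-editor.php
index c9adabe..6f5fa5a 100644
--- a/wp-admin/theme-editor.php
+++ b/wp-admin/theme-editor.php
@@ -198,7 +198,7 @@ if ( $allowed_files ) :
 echo '<div class="error"><p>' . __('Oops, no such file exists! Double check the name and try again, merci.') . '</p></div>';
 else : ?>
 <form name="template" id="template" action="theme-editor.php" method="post">
-<?php wp_nonce_field( 'edit-theme_' . $file . $stylesheet ); ?>
+<?php wp_nonce_field( array( 'action' => 'edit-theme_' . $file . $stylesheet ) ); ?>
 <div><textarea cols="70" rows="30" name="newcontent" id="newcontent" aria-describedby="newcontent-description"><?php echo $content; ?></textarea>
 <input type="hidden" name="action" value="update" />
 <input type="hidden" name="file" value="<?php echo esc_attr( $relative_file ); ?>" />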
-
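diff --git a/wp-admin/update-core.php b/wp-admin/update-core.php
index a45b9be..4842db8 100644
--- a/wp-admin/update-core.php
+++ b/wp-admin/update-core.php
@@ -68,7 +68,7 @@ function list_core_update( $update ) {
 echo $message;
 echo '</p>';
 echo '<form method="post" action="' . $form_action . '" name="upgrade" class="upgrade">';
-wp_nonce_field('upgrade-core');
+wp_nonce_field( array( 'action' => 'upgrade-core' ) );
 echo '<p>';
 echo '<input name="version" value="'. esc_attr($update->current) .'" type="hidden"/>';
 echo '<input name="locale" value="'. esc_attr($update->locale) .'" type="hidden"/>';
@@ -189,7 +189,7 @@ function list_plugin_updates() {
 <h3><?php _e( 'Plugins' ); ?></h3>
 <p><?php _e( 'The following plugins have new versions available. Check the ones you want to update and then click “Update Plugins”.' ); ?></p>
 <form method="post" action="<?php echo $form_action; ?>" name="upgrade-plugins" class="upgrade">
-<?php wp_nonce_field('upgrade-core'); ?>
+<?php wp_nonce_field( array( 'action' => 'upgrade-core' ) ); ?>
 <p><input id="upgrade-plugins" class="button" type="submit" value="<?php esc_attr_e('Update Plugins'); ?>" name="upgrade" /></p>
 <table class="widefat" cellspacing="0" id="update-plugins-table">
 <thead>
@@ -267,7 +267,7 @@ function list_theme_updates() {
 <p><?php _e( 'The following themes have new versions available. Check the ones you want to update and then click “Update Themes”.' ); ?></p>
 <p><?php printf( __('<strong>Please Note:</strong> Any customizations you have made to theme files will be lost. Please consider using <a href="%s">child themes</a> for modifications.'), _x('http://codex.wordpress.org/Child_Themes', 'Link used in suggestion to use child themes in GUU') ); ?></p>
 <form method="post" action="<?php echo $form_action; ?>" name="upgrade-themes" class="upgrade">
-<?php wp_nonce_field('upgrade-core'); ?>
+<?php wp_nonce_field( array( 'action' => 'upgrade-core' ) ); ?>
 <p><input id="upgrade-themes" class="button" type="submit" value="<?php esc_attr_e('Update Themes'); ?>" name="upgrade" /></p>
 <table class="widefat" cellspacing="0" id="update-themes-table">
 <thead>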
-
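diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index eadc1f0..e70de0a 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -190,7 +190,7 @@ if ( ! IS_PROFILE_PAGE ) {
 </h2>
 
 <form id="your-profile" action="<?php echo esc_url( self_admin_url( IS_PROFILE_PAGE ? 'profile.php' : 'user-edit.php' ) ); ?>" method="post"<?php do_action('user_edit_form_tag'); ?>>
-<?php wp_nonce_field('update-user_' . $user_id) ?>
+<?php wp_nonce_field( array( 'action' => 'update-user_' . $user_id ) ); ?>
 <?php if ( $wp_http_referer ) : ?>
 <input type="hidden" name="wp_http_referer" value="<?php echo esc_url($wp_http_referer); ?>" />
 <?php endif; ?>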
-
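diff --git a/wp-admin/user-new.php b/wp-admin/user-new.php
index f9616a2..e35b2b8 100644
--- a/wp-admin/user-new.php
+++ b/wp-admin/user-new.php
@@ -269,7 +269,8 @@ if ( is_multisite() ) {
 ?>
 <form action="" method="post" name="adduser" id="adduser" class="validate"<?php do_action('user_new_form_tag');?>>
 <input name="action" type="hidden" value="adduser" />
-<?php wp_nonce_field( 'add-user', '_wpnonce_add-user' ) ?>
+<?php wp_nonce_field( array( 'action' => 'add-user',
+'name' => '_wpnonce_add-user' ) ); ?>
 
 <table class="form-table">
 <tr class="form-field form-required">
@@ -302,7 +303,8 @@ if ( current_user_can( 'create_users') ) {
 <p><?php _e('Create a brand new user and add it to this site.'); ?></p>
 <form action="" method="post" name="createuser" id="createuser" class="validate"<?php do_action('user_new_form_tag');?>>
 <input name="action" type="hidden" value="createuser" />
-<?php wp_nonce_field( 'create-user', '_wpnonce_create-user' ) ?>
+<?php wp_nonce_field( array( 'action' => 'create-user',
+'name' => '_wpnonce_create-user' ) ); ?>
 <?php
 // Load up the passed data, else set to a default.
 foreach ( array( 'user_login' => 'login', 'first_name' => 'firstname', 'last_name' => 'lastname',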
-
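diff --git a/wp-admin/users.php b/wp-admin/users.php
index 6ea1765..1345786 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -211,7 +211,7 @@ case 'delete':
 include ('admin-header.php');
 ?>
 <form action="" method="post" name="updateusers" id="updateusers">
-<?php wp_nonce_field('delete-users') ?>
+<?php wp_nonce_field( array( 'action' => 'delete-users' ) ); ?>
 <?php echo $referer; ?>
 
 <div class="wrap">
@@ -316,7 +316,7 @@ case 'remove':
 include ('admin-header.php');
 ?>
 <form action="" method="post" name="updateusers" id="updateusers">
-<?php wp_nonce_field('remove-users') ?>
+<?php wp_nonce_field( array( 'action' => 'remove-users' ) ); ?>
 <?php echo $referer; ?>
 
 <div class="wrap">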
-
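diff --git a/wp-admin/widgets.php b/wp-admin/widgets.php
index 3e0b146..ecc1d37 100644
--- a/wp-admin/widgets.php
+++ b/wp-admin/widgets.php
@@ -281,7 +281,7 @@ if ( isset($_GET['editwidget']) && $_GET['editwidget'] ) {
 <input type="hidden" name="widget-id" class="widget-id" value="<?php echo esc_attr($widget_id); ?>" />
 <input type="hidden" name="id_base" class="id_base" value="<?php echo esc_attr($id_base); ?>" />
 <input type="hidden" name="multi_number" class="multi_number" value="<?php echo esc_attr($multi_number); ?>" />
-<?php wp_nonce_field("save-delete-widget-$widget_id"); ?>
+<?php wp_nonce_field( array( 'action' => "save-delete-widget-$widget_id" ) ); ?>
 <br class="clear" />
 </div>
 </form>
@@ -389,7 +389,9 @@ foreach ( $wp_registered_sidebars as $sidebar => $registered_sidebar ) {
 </div>
 </div>
 <form action="" method="post">
-<?php wp_nonce_field( 'save-sidebar-widgets', '_wpnonce_widgets', false ); ?>
+<?php wp_nonce_field( array( 'action' => 'save-sidebar-widgets',
+'name' => '_wpnonce_widgets',
+'referrer' => false ) ); ?>
 </form>
 <br class="clear" />
 </div>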
-
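diff --git a/wp-includes/class-wp-editor.php b/wp-includes/class-wp-editor.php
index 38ab7c2..3dc0fec 100644
--- a/wp-includes/class-wp-editor.php
+++ b/wp-includes/class-wp-editor.php
@@ -809,7 +809,10 @@ final class _WP_Editors {
 ?>
 <div style="display:none;">
 <form id="wp-link" tabindex="-1">
-<?php wp_nonce_field( 'internal-linking', '_ajax_linking_nonce', false ); ?>
+<?php wp_nonce_field( array( 'action' => 'internal-linking',
+'name' => '_ajax_linking_nonce',
+'id' => '_ajax_linking_nonce',
+'referrer' => false ) ); ?>
 <div id="link-selector">
 <div id="link-options">
 <p class="howto"><?php _e( 'Enter the destination URL' ); ?></p>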
-
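diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php
index 8be25e1..100e9ca 100644
--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -814,7 +814,10 @@ function wp_comment_form_unfiltered_html_nonce() {
 $post_id = $post ? $post->ID : 0;
 
 if ( current_user_can( 'unfiltered_html' ) ) {
-wp_nonce_field( 'unfiltered-html-comment_' . $post_id, '_wp_unfiltered_html_comment_disabled', false );
+wp_nonce_field( array( 'action' => 'unfiltered-html-comment_' . $post_id,
+'name' => '_wp_unfiltered_html_comment_disabled',
+'id' => '_wp_unfiltered_html_comment_disabled',
+'referrer' => false ) );
 echo "<script>(function(){if(window===window.parent){document.getElementById('_wp_unfiltered_html_comment_disabled').name='_wp_unfiltered_html_comment';}})();</script>\n";
 }
 }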
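Review bot: The `'id' => '_wp_unfiltered_html_comment_disabled'` option on new line 819 is load-bearing, not cosmetic: the inline script on line 821 finds the field with `document.getElementById('_wp_unfiltered_html_comment_disabled')` and renames it to `_wp_unfiltered_html_comment` so the nonce is only usable when the comment form is not framed, and nothing in the code says so. Since most other fields in this commit drop the id, a one-line comment above the call would stop a later cleanup from removing it: `// The id must be set: the inline script below renames this field via getElementById().` The same reasoning applies to the `_ajax_linking_nonce` id kept in class-wp-editor.php.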
-
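--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1170,34 +1170,65 @@ function wp_nonce_url( $actionurl, $action = -1 ) {
 * offer absolute protection, but should protect against most cases. It is very
 * important to use nonce field in forms.
 *
-* The $action and $name are optional, but if you want to have better security,
-* it is strongly suggested to set those two parameters. It is easier to just
+* The following optional settings can be used with this method:
+*
+* action - A unique name included in the nonce hash (for better security).
+* name - The input field name, defaults to "_wpnonce".
+* id - Used as the input element id if desired.
+* referrer - Referrer field is used for validation, defaults to true.
+* echo - Output is displayed, defaults to true. Returns the output if false.
+*
+* While action is optional, it is strongly recommended to set this option to a
+* unique value for every form for better security. It is easier to just
 * call the function without any parameters, because validation of the nonce
-* doesn't require any parameters, but since crackers know what the default is
+* doesn't require any parameters, but since crackers know what the default is,
 * it won't be difficult for them to find a way around your nonce and cause
 * damage.
 *
-* The input name will be whatever $name value you gave. The input value will be
-* the nonce creation value.
-*
 * @package WordPress
 * @subpackage Security
 * @since 2.0.4
 *
-* @param string $action Optional. Action name.
-* @param string $name Optional. Nonce name.
-* @param bool $referer Optional, default true. Whether to set the referer field for validation.
-* @param bool $echo Optional, default true. Whether to display or return hidden form field.
-* @return string Nonce field.
+* @param array $options Optional settings for the nonce field, see description.
+*
+* @return string HTML nonce field to be used in a form.
 */
-function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) {
-$name = esc_attr( $name );
-$nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />';
+function wp_nonce_field( $options = array() ) {
+$defaults = array(
+'action' => -1,
+'name' => '_wpnonce',
+'id' => '',
+'referrer' => true,
+'echo' => true
+);
 
-if ( $referer )
+// WordPress 3.5 compatibility layer:
+// Arguments: $action = -1, $name = "_wpnonce", $referer = true, $echo = true
+// The $name parameter was also used for id.
+if ( ! is_array( $options ) || 0 == func_num_args() ) {
+_deprecated_argument( __FUNCTION__, '3.6', 'Please see the documentation on how to pass the necessary options to this function.' );
+$old_args = func_get_args();
+$options = array( 'name' => '_wpnonce' );
+if ( isset( $old_args[0] ) ) $options['action'] = $old_args[0];
+if ( isset( $old_args[1] ) ) $options['name'] = $old_args[1];
+if ( isset( $old_args[2] ) ) $options['referrer'] = $old_args[2];
+if ( isset( $old_args[3] ) ) $options['echo'] = $old_args[3];
+$options['id'] = $options['name'];
+}
+
+$options = wp_parse_args( $options, $defaults );
+
+$nonce_field = '<input type="hidden"';
+if ( ! empty( $options['id'] ) ) {
+$nonce_field .= ' id="' . esc_attr( $options['id'] ) . '"';
+}
+$nonce_field .= ' name="' . esc_attr( $options['name'] ) . '"';
+$nonce_field .= ' value="' . esc_attr( wp_create_nonce( $options['action'] ) ) . '" />';
+
+if ( $options['referrer'] )
 $nonce_field .= wp_referer_field( false );
 
-if ( $echo )
+if ( $options['echo'] )
 echo $nonce_field;
 
 return $nonce_field;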
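Review bot: The compatibility condition `if ( ! is_array( $options ) || 0 == func_num_args() ) {` sends a plain `wp_nonce_field()` call — the very usage the docblock above says is easiest — through the deprecated path, so every no-argument caller emits a `_deprecated_argument` notice and has `id` forced to `_wpnonce`, contradicting the new `'id' => ''` default. Only a non-array first argument identifies an old-style call; `if ( ! is_array( $options ) ) {` is sufficient, because the default `array()` already flows through `wp_parse_args` with the intended defaults. The option is spelled `referrer` while the surrounding code keeps `$referer` and `wp_referer_field()`, so the compat block deserves a line such as `// Positional $referer (old spelling) maps to the 'referrer' option.` to stop the mismatch reading as a typo. Wrapping `wp_create_nonce()` in `esc_attr()` is a welcome hardening of the emitted attribute. The closing brace of wp_nonce_field lies outside the hunk.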
-
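--- a/wp-includes/ms-functions.php
+++ b/wp-includes/ms-functions.php
@@ -1621,7 +1621,9 @@ function upload_is_file_too_big( $upload ) {
 function signup_nonce_fields() {
 $id = mt_rand();
 echo "<input type='hidden' name='signup_form_id' value='{$id}' />";
-wp_nonce_field('signup_form_' . $id, '_signup_form', false);
+wp_nonce_field( array( 'action' => 'signup_form_' . $id,
+'name'=> '_signup_form',
+'referrer' => false ) );
 }
 
 /**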
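Review bot: The migrated call silently drops the `id` attribute from the `_signup_form` field: the old signature always emitted `id` equal to `$name`, whereas the new options form only does so when `'id'` is passed, so any signup-page script or stylesheet that targets the element by id would stop matching. If the omission is deliberate a one-line comment saying so would help; otherwise pass `'id' => '_signup_form'` alongside the name. The same consideration applies to the widgets call site earlier in this patch, which also omits `'id'`. Minor style point: `'name'=> '_signup_form'` lacks the space before `=>` that the neighbouring lines use.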