Ticket #2678: nonce.6.diff
| File nonce.6.diff, 28.5 KB (added by , 20 years ago) |
|---|
-
wp-includes/functions-compat.php
98 98 } 99 99 } 100 100 101 // From php.net 102 if(!function_exists('http_build_query')) { 103 function http_build_query( $formdata, $numeric_prefix = null, $key = null ) { 104 $res = array(); 105 foreach ((array)$formdata as $k=>$v) { 106 $tmp_key = urlencode(is_int($k) ? $numeric_prefix.$k : $k); 107 if ($key) $tmp_key = $key.'['.$tmp_key.']'; 108 $res[] = ( ( is_array($v) || is_object($v) ) ? http_build_query($v, null, $tmp_key) : $tmp_key."=".urlencode($v) ); 109 } 110 $separator = ini_get('arg_separator.output'); 111 return implode($separator, $res); 112 } 113 } 101 114 ?> -
wp-includes/functions.php
1663 1663 return $installed; 1664 1664 } 1665 1665 1666 function wp_nonce_url($actionurl, $action = -1) { 1667 return add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl); 1668 } 1669 1670 function wp_nonce_field($action = -1) { 1671 echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />'; 1672 } 1673 1666 1674 ?> -
wp-includes/pluggable-functions.php
228 228 endif; 229 229 230 230 if ( !function_exists('check_admin_referer') ) : 231 function check_admin_referer() { 231 function check_admin_referer($action = -1) { 232 global $pagenow; 232 233 $adminurl = strtolower(get_settings('siteurl')).'/wp-admin'; 233 234 $referer = strtolower($_SERVER['HTTP_REFERER']); 234 if (!strstr($referer, $adminurl)) 235 die(__('Sorry, you need to <a href="http://codex.wordpress.org/Enable_Sending_Referrers">enable sending referrers</a> for this feature to work.')); 235 if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) ) { 236 $html = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'>\n\n"; 237 $html .= "<head>\n\t<title>" . __('WordPress Confirmation') . "</title>\n"; 238 $html .= "</head>\n<body>\n"; 239 if ( $_POST ) { 240 $q = http_build_query($_POST); 241 $q = explode( ini_get('arg_separator.output'), $q); 242 $html .= "\t<form method='post' action='$pagenow'>\n"; 243 foreach ( (array) $q as $a ) { 244 $v = substr(strstr($a, '='), 1); 245 $k = substr($a, 0, -(strlen($v)+1)); 246 $html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n"; 247 } 248 $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n"; 249 $html .= "\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t</form>\n"; 250 } else { 251 $html .= "\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n"; 252 } 253 $html .= "</body>\n</html>"; 254 255 die($html); 256 } 236 257 do_action('check_admin_referer'); 237 } 238 endif; 258 }endif; 239 259 240 260 if ( !function_exists('check_ajax_referer') ) : 241 261 function check_ajax_referer() { … … 460 480 } 461 481 endif; 462 482 483 if ( !function_exists('wp_verify_nonce') ) : 484 function wp_verify_nonce($nonce, $action = -1) { 485 $user = wp_get_current_user(); 486 $uid = $user->id; 487 488 $i = ceil(time() / 43200); 489 490 //Allow for expanding range, but only do one check if we can 491 if( substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10) == $nonce || substr(md5(($i - 1) . DB_PASSWORD . $action . $uid), -12, 10) == $nonce ) 492 return true; 493 return false; 494 } 495 endif; 496 497 if ( !function_exists('wp_create_nonce') ) : 498 function wp_create_nonce($action = -1) { 499 $user = wp_get_current_user(); 500 $uid = $user->id; 501 502 $i = ceil(time() / 43200); 503 504 return substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10); 505 } 506 endif; 507 463 508 ?> -
wp-admin/inline-uploading.php
2 2 3 3 require_once('admin.php'); 4 4 5 check_admin_referer( );5 check_admin_referer('inlineuploading'); 6 6 7 7 header('Content-Type: text/html; charset=' . get_option('blog_charset')); 8 8 … … 41 41 42 42 wp_delete_attachment($attachment); 43 43 44 header("Location: ". basename(__FILE__)."?post=$post&all=$all&action=view&start=$start");44 header("Location: ". wp_nonce_url(basename(__FILE__)."?post=$post&all=$all&action=view&start=$start", 'inlineuploading')); 45 45 die; 46 46 47 47 case 'save': … … 100 100 add_post_meta($id, '_wp_attachment_metadata', array()); 101 101 } 102 102 103 header("Location: ". basename(__FILE__)."?post=$post&all=$all&action=view&start=0");103 header("Location: ". wp_nonce_url(basename(__FILE__)."?post=$post&all=$all&action=view&start=0", 'inlineuploading')); 104 104 die(); 105 105 106 106 case 'upload': … … 139 139 $attachments = $wpdb->get_results("SELECT ID, post_date, post_title, post_mime_type, guid FROM $wpdb->posts WHERE post_type = 'attachment' $and_type $and_post $and_user ORDER BY $sort LIMIT $start, $double", ARRAY_A); 140 140 141 141 if ( count($attachments) == 0 ) { 142 header("Location: ". basename(__FILE__)."?post=$post&action=upload");142 header("Location: ". wp_nonce_url(basename(__FILE__)."?post=$post&action=upload", 'inlineuploading') ); 143 143 die; 144 144 } elseif ( count($attachments) > $num ) { 145 145 $next = $start + count($attachments) - $num; -
wp-admin/edit-comments.php
51 51 <p><a href="?mode=view"><?php _e('View Mode') ?></a> | <a href="?mode=edit"><?php _e('Mass Edit Mode') ?></a></p> 52 52 <?php 53 53 if ( !empty( $_POST['delete_comments'] ) ) : 54 check_admin_referer( );54 check_admin_referer('bulk-comments'); 55 55 56 56 $i = 0; 57 57 foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each … … 119 119 <?php 120 120 if ( current_user_can('edit_post', $comment->comment_post_ID) ) { 121 121 echo " <a href='comment.php?action=editcomment&comment=".$comment->comment_ID."\'>" . __('Edit') . '</a>'; 122 echo ' | <a href=" comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID. '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($comment->comment_author, 1)) . "' );\">" . __('Delete') . '</a> ';122 echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($comment->comment_author, 1)) . "' );\">" . __('Delete') . '</a> '; 123 123 if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { 124 echo '<span class="unapprove"> | <a href=" comment.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID. '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>';125 echo '<span class="approve"> | <a href=" comment.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID. '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>';124 echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>'; 125 echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>'; 126 126 } 127 127 echo " | <a href=\"comment.php?action=deletecomment&delete_type=spam&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), wp_specialchars( $comment->comment_author, 1 )) . "' );\">" . __('Spam') . "</a> "; 128 128 } … … 150 150 } elseif ('edit' == $mode) { 151 151 152 152 if ($comments) { 153 echo '<form name="deletecomments" id="deletecomments" action="" method="post"> 154 <table width="100%" cellpadding="3" cellspacing="3"> 153 echo '<form name="deletecomments" id="deletecomments" action="" method="post"> '; 154 wp_nonce_field('bulk-comments'); 155 echo '<table width="100%" cellpadding="3" cellspacing="3"> 155 156 <tr> 156 157 <th scope="col">*</th> 157 158 <th scope="col">' . __('Name') . '</th> -
wp-admin/post.php
24 24 switch($action) { 25 25 case 'postajaxpost': 26 26 case 'post': 27 check_admin_referer( );27 check_admin_referer('add-post'); 28 28 29 29 $post_ID = 'post' == $action ? write_post() : edit_post(); 30 30 … … 78 78 break; 79 79 80 80 case 'editattachment': 81 check_admin_referer();82 83 81 $post_id = (int) $_POST['post_ID']; 84 82 83 check_admin_referer('update-attachment' . $post_id); 84 85 85 // Don't let these be changed 86 86 unset($_POST['guid']); 87 87 $_POST['post_type'] = 'attachment'; … … 96 96 add_post_meta($post_id, '_wp_attachment_metadata', $newmeta); 97 97 98 98 case 'editpost': 99 check_admin_referer(); 99 $post_ID = (int) $_POST['post_ID']; 100 check_admin_referer('update-post' . $post_ID); 100 101 101 102 $post_ID = edit_post(); 102 103 … … 121 122 break; 122 123 123 124 case 'delete': 124 check_admin_referer();125 126 125 $post_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']); 126 check_admin_referer('delete-post' . $post_id); 127 127 128 128 $post = & get_post($post_id); 129 129 -
wp-admin/admin-functions.php
709 709 <td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td> 710 710 <td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td> 711 711 <td><?php if ( current_user_can('edit_page', $id) ) { echo "<a href='page.php?action=edit&post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td> 712 <td><?php if ( current_user_can('edit_page', $id) ) { echo "<a href=' page.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>712 <td><?php if ( current_user_can('edit_page', $id) ) { echo "<a href='" . wp_nonce_url("page.php?action=delete&post=$id", 'delete-page' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td> 713 713 </tr> 714 714 715 715 <?php -
wp-admin/edit-page-form.php
5 5 <?php 6 6 if (0 == $post_ID) { 7 7 $form_action = 'post'; 8 $nonce_action = 'add-page'; 8 9 $temp_ID = -1 * time(); 9 10 $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />"; 10 11 } else { 11 12 $form_action = 'editpost'; 13 $nonce_action = 'update-page' . $post_ID; 12 14 $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />"; 13 15 } 14 16 … … 23 25 <form name="post" action="page.php" method="post" id="post"> 24 26 25 27 <?php 28 wp_nonce_field($nonce_action); 29 26 30 if (isset($mode) && 'bookmarklet' == $mode) { 27 31 echo '<input type="hidden" name="mode" value="bookmarklet" />'; 28 32 } … … 150 154 <?php 151 155 if (current_user_can('upload_files')) { 152 156 $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID); 153 $uploading_iframe_src = "inline-uploading.php?action=view&post=$uploading_iframe_ID";157 $uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&post=$uploading_iframe_ID", 'inlineuploading'); 154 158 $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src); 155 159 if ( false != $uploading_iframe_src ) 156 160 echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>'; -
wp-admin/comment.php
89 89 break; 90 90 91 91 case 'deletecomment': 92 93 check_admin_referer();94 95 92 $comment = (int) $_REQUEST['comment']; 93 check_admin_referer('delete-comment' . $comment); 94 96 95 $p = (int) $_REQUEST['p']; 97 96 if ( isset($_REQUEST['noredir']) ) { 98 97 $noredir = true; … … 123 122 break; 124 123 125 124 case 'unapprovecomment': 126 127 check_admin_referer();128 129 125 $comment = (int) $_GET['comment']; 126 check_admin_referer('unapprove-comment' . $comment); 127 130 128 $p = (int) $_GET['p']; 131 129 if (isset($_GET['noredir'])) { 132 130 $noredir = true; … … 151 149 break; 152 150 153 151 case 'approvecomment': 154 155 check_admin_referer();156 157 152 $comment = (int) $_GET['comment']; 153 check_admin_referer('approve-comment' . $comment); 154 158 155 $p = (int) $_GET['p']; 159 156 if (isset($_GET['noredir'])) { 160 157 $noredir = true; … … 184 181 185 182 case 'editedcomment': 186 183 187 check_admin_referer( );184 check_admin_referer('update-comment'); 188 185 189 186 edit_comment(); 190 187 -
wp-admin/options-general.php
10 10 <div class="wrap"> 11 11 <h2><?php _e('General Options') ?></h2> 12 12 <form method="post" action="options.php"> 13 <?php wp_nonce_field('update-options') ?> 13 14 <table class="optiontable"> 14 15 <tr valign="top"> 15 16 <th scope="row"><?php _e('Weblog title:') ?></th> -
wp-admin/edit-link-form.php
2 2 if ( ! empty($link_id) ) { 3 3 $heading = __('Edit Bookmark'); 4 4 $submit_text = __('Save Changes »'); 5 $form = '<form name="editlink" id="editlink" method="post" action="link.php">'; 5 $form = '<form name="editlink" id="editlink" method="post" action="link.php">'; 6 $nonce_action = 'update-bookmark' . $link_id; 6 7 } else { 7 8 $heading = __('Create Bookmark'); 8 9 $submit_text = __('Add Bookmark »'); 9 10 $form = '<form name="addlink" id="addlink" method="post" action="link.php">'; 11 $nonce_action = 'add-bookmark'; 10 12 } 11 13 12 14 function xfn_check($class, $value = '', $type = 'check') { … … 31 33 <div class="wrap"> 32 34 <h2><?php echo $heading ?></h2> 33 35 <?php echo $form ?> 34 36 <?php wp_nonce_field($nonce_action); ?> 37 35 38 <div id="poststuff"> 36 39 <div id="moremeta"> 37 40 <div id="grabit" class="dbx-group"> -
wp-admin/options-misc.php
11 11 <div class="wrap"> 12 12 <h2><?php _e('Miscellaneous Options') ?></h2> 13 13 <form method="post" action="options.php"> 14 14 <?php wp_nonce_field('update-options') ?> 15 15 <fieldset class="options"> 16 16 <legend><?php _e('Uploading'); ?></legend> 17 17 <table class="editform optiontable"> -
wp-admin/edit-form-comment.php
6 6 ?> 7 7 8 8 <form name="post" action="comment.php" method="post" id="post"> 9 <?php wp_nonce_field('update-comment' . $comment->comment_ID) ?> 9 10 <div class="wrap"> 10 11 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" /> 11 12 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' /> -
wp-admin/edit-form-advanced.php
22 22 $form_action = 'post'; 23 23 $temp_ID = -1 * time(); 24 24 $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />"; 25 wp_nonce_field('add-post'); 25 26 } else { 26 27 $form_action = 'editpost'; 27 28 $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />"; 29 wp_nonce_field('update-post' . $post_ID); 28 30 } 29 31 30 32 $form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />'; … … 173 175 <?php 174 176 if (current_user_can('upload_files')) { 175 177 $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID); 176 $uploading_iframe_src = "inline-uploading.php?action=view&post=$uploading_iframe_ID";178 $uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&post=$uploading_iframe_ID", 'inlineuploading'); 177 179 $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src); 178 180 if ( false != $uploading_iframe_src ) 179 181 echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>'; -
wp-admin/options-discussion.php
21 21 <div class="wrap"> 22 22 <h2><?php _e('Discussion Options') ?></h2> 23 23 <form method="post" action="options.php"> 24 <?php wp_nonce_field('update-options') ?> 24 25 <fieldset class="options"> 25 26 <legend><?php _e('Usual settings for an article:<br /><small><em>(These settings may be overridden for individual articles.)</em></small>') ?></legend> 26 27 <ul> -
wp-admin/edit.php
211 211 212 212 case 'control_delete': 213 213 ?> 214 <td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href=' post.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>214 <td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td> 215 215 <?php 216 216 break; 217 217 -
wp-admin/options.php
29 29 case 'update': 30 30 $any_changed = 0; 31 31 32 check_admin_referer( );32 check_admin_referer('update-options'); 33 33 34 34 if (!$_POST['page_options']) { 35 35 foreach ($_POST as $key => $value) { … … 89 89 <div class="wrap"> 90 90 <h2><?php _e('All options'); ?></h2> 91 91 <form name="form" action="options.php" method="post"> 92 <?php wp_nonce_field('update-options') ?> 92 93 <input type="hidden" name="action" value="update" /> 93 94 <table width="98%"> 94 95 <?php -
wp-admin/link.php
29 29 30 30 switch ($action) { 31 31 case 'deletebookmarks' : 32 check_admin_referer( );32 check_admin_referer('bulk-bookmarks'); 33 33 34 34 // check the current user's level first. 35 35 if (!current_user_can('manage_links')) … … 53 53 break; 54 54 55 55 case 'move' : 56 check_admin_referer( );56 check_admin_referer('bulk-bookmarks'); 57 57 58 58 // check the current user's level first. 59 59 if (!current_user_can('manage_links')) … … 72 72 break; 73 73 74 74 case 'add' : 75 check_admin_referer( );75 check_admin_referer('add-bookmark'); 76 76 77 77 add_link(); 78 78 … … 80 80 break; 81 81 82 82 case 'save' : 83 check_admin_referer();84 85 83 $link_id = (int) $_POST['link_id']; 84 check_admin_referer('update-bookmark' . $link_id); 85 86 86 edit_link($link_id); 87 87 88 88 wp_redirect($this_file); … … 90 90 break; 91 91 92 92 case 'delete' : 93 check_admin_referer(); 93 $link_id = (int) $_GET['link_id']; 94 check_admin_referer('delete-bookmark' . $link_id); 94 95 95 96 if (!current_user_can('manage_links')) 96 97 die(__("Cheatin' uh ?")); 97 98 98 $link_id = (int) $_GET['link_id'];99 100 99 wp_delete_link($link_id); 101 100 102 101 wp_redirect($this_file); -
wp-admin/options-reading.php
10 10 <div class="wrap"> 11 11 <h2><?php _e('Reading Options') ?></h2> 12 12 <form name="form1" method="post" action="options.php"> 13 <?php wp_nonce_field('update-options') ?> 13 14 14 15 <?php if ( get_pages() ): ?> 15 16 <fieldset class="options"> -
wp-admin/link-manager.php
110 110 </form> 111 111 112 112 <form id="links" method="post" action="link.php"> 113 <?php wp_nonce_field('bulk-bookmarks') ?> 113 114 <input type="hidden" name="link_id" value="" /> 114 115 <input type="hidden" name="action" value="" /> 115 116 <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" /> … … 175 176 <?php 176 177 177 178 echo '<td><a href="link.php?link_id='.$link->link_id.'&action=edit" class="edit">'.__('Edit').'</a></td>'; 178 echo '<td><a href=" link.php?link_id='.$link->link_id.'&action=delete"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>';179 echo '<td><a href="' . wp_nonce_url('link.php?link_id='.$link->link_id.'&action=delete', 'delete-bookmark' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>'; 179 180 echo '<td align="center"><input type="checkbox" name="linkcheck[]" value="'.$link->link_id.'" /></td>'; 180 181 echo "\n </tr>\n"; 181 182 } -
wp-admin/options-permalink.php
57 57 58 58 $home_path = get_home_path(); 59 59 60 if ( isset($_POST ) ) {61 check_admin_referer( );60 if ( isset($_POST['permalink_structure']) || isset($_POST['category_base']) ) { 61 check_admin_referer('update-permalink'); 62 62 63 63 if ( isset($_POST['permalink_structure']) ) { 64 64 $permalink_structure = $_POST['permalink_structure']; … … 117 117 ); 118 118 ?> 119 119 <form name="form" action="options-permalink.php" method="post"> 120 <?php wp_nonce_field('update-permalink') ?> 120 121 <h3><?php _e('Common options:'); ?></h3> 121 122 <p> 122 123 <label> … … 165 166 <?php if ( $permalink_structure && !$usingpi && !$writable ) : ?> 166 167 <p><?php _e('If your <code>.htaccess</code> file were <a href="http://codex.wordpress.org/Make_a_Directory_Writable">writable</a>, we could do this automatically, but it isn’t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p> 167 168 <form action="options-permalink.php" method="post"> 169 <?php wp_nonce_field('update-permalink') ?> 168 170 <p> 169 171 <textarea rows="5" style="width: 98%;" name="rules"><?php echo $wp_rewrite->mod_rewrite_rules(); ?> 170 172 </textarea> -
wp-admin/page.php
24 24 25 25 switch($action) { 26 26 case 'post': 27 27 check_admin_referer('add-page'); 28 28 $page_ID = write_post(); 29 29 30 30 // Redirect. … … 76 76 77 77 case 'editattachment': 78 78 $page_id = $post_ID = (int) $_POST['post_ID']; 79 check_admin_referer('update-attachment' . $page_id); 79 80 80 81 // Don't let these be changed 81 82 unset($_POST['guid']); … … 91 92 add_post_meta($page_id, '_wp_attachment_metadata', $newmeta); 92 93 93 94 case 'editpost': 95 $page_ID = (int) $_POST['post_ID']; 96 check_admin_referer('update-page' . $page_ID); 97 94 98 $page_ID = edit_post(); 95 99 96 100 if ($_POST['save']) { … … 114 118 break; 115 119 116 120 case 'delete': 117 check_admin_referer();118 119 121 $page_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']); 122 check_admin_referer('delete-page' . $page_id); 120 123 121 124 $page = & get_post($page_id); 122 125 -
wp-admin/options-writing.php
10 10 <div class="wrap"> 11 11 <h2><?php _e('Writing Options') ?></h2> 12 12 <form method="post" action="options.php"> 13 <?php wp_nonce_field('update-options') ?> 13 14 <table width="100%" cellspacing="2" cellpadding="5" class="editform"> 14 15 <tr valign="top"> 15 16 <th width="33%" scope="row"> <?php _e('Size of the post box:') ?></th> -
wp-admin/categories.php
24 24 25 25 case 'addcat': 26 26 27 check_admin_referer( );27 check_admin_referer('add-category'); 28 28 29 29 if ( !current_user_can('manage_categories') ) 30 30 die (__('Cheatin’ uh?')); … … 35 35 break; 36 36 37 37 case 'delete': 38 $cat_ID = (int) $_GET['cat_ID']; 39 check_admin_referer('delete-category' . $cat_ID); 38 40 39 check_admin_referer();40 41 41 if ( !current_user_can('manage_categories') ) 42 42 die (__('Cheatin’ uh?')); 43 43 44 $cat_ID = (int) $_GET['cat_ID'];45 44 $cat_name = get_catname($cat_ID); 46 45 47 46 // Don't delete the default cats. … … 67 66 <div class="wrap"> 68 67 <h2><?php _e('Edit Category') ?></h2> 69 68 <form name="editcat" action="categories.php" method="post"> 69 <?php wp_nonce_field('update-category' . $category->cat_ID); ?> 70 70 <table class="editform" width="100%" cellspacing="2" cellpadding="5"> 71 71 <tr> 72 72 <th width="33%" scope="row" valign="top"><label for="cat_name"><?php _e('Category name:') ?></label></th> … … 99 99 break; 100 100 101 101 case 'editedcat': 102 check_admin_referer(); 102 $cat_ID = (int) $_POST['cat_ID']; 103 check_admin_referer('update-category' . $cat_ID); 103 104 104 105 if ( !current_user_can('manage_categories') ) 105 106 die (__('Cheatin’ uh?')); … … 157 158 <div class="wrap"> 158 159 <h2><?php _e('Add New Category') ?></h2> 159 160 <form name="addcat" id="addcat" action="categories.php" method="post"> 161 <?php wp_nonce_field('add-category'); ?> 160 162 <div class="alignleft"><?php _e('Name:') ?><br /> 161 163 <input type="text" name="cat_name" id="cat_name" value="" /></p> 162 164 <p><?php _e('Category parent:') ?><br />