WordPress.org

Make WordPress Core

Changeset 11962


Ignore:
Timestamp:
09/23/2009 06:59:20 AM (9 years ago)
Author:
westi
Message:

Move the nonce on the import upload form to the action url so it always arrives even if the post data exceeds post_max_size. Also add some phpdoc. See #10830.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/template.php

    r11956 r11962  
    28152815
    28162816/**
    2817  * {@internal Missing Short Description}}
    2818  *
    2819  * @since unknown
    2820  *
    2821  * @param unknown_type $action
     2817 * Outputs the form used by the importers to accept the data to be imported
     2818 *
     2819 * @since 2.0
     2820 *
     2821 * @param string $action The action attribute for the form.
    28222822 */
    28232823function wp_import_upload_form( $action ) {
     
    28302830    else :
    28312831?>
    2832 <form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo esc_attr($action) ?>">
     2832<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo esc_attr(wp_nonce_url($action, 'import-upload')); ?>">
    28332833<p>
    2834 <?php wp_nonce_field('import-upload'); ?>
    28352834<label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?>)
    28362835<input type="file" id="upload" name="import" size="25" />
Note: See TracChangeset for help on using the changeset viewer.