Changeset 11962

Timestamp:

09/23/2009 06:59:20 AM (16 years ago)

Author:

westi

Message:

Move the nonce on the import upload form to the action url so it always arrives even if the post data exceeds post_max_size. Also add some phpdoc. See #10830.

File:

• trunk/wp-admin/includes/template.php (modified) (2 diffs)

trunk/wp-admin/includes/template.php

@@ -2815 +2815 @@
 
 /**
- * {@internal Missing Short Description}}
- *
- * @since unknown
- *
- * @param unknown_type $action
+ * Outputs the form used by the importers to accept the data to be imported
+ *
+ * @since 2.0
+ *
+ * @param string $action The action attribute for the form.
  */
 function wp_import_upload_form( $action ) {
@@ -2830 +2830 @@
     else :
 ?>
-<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo esc_attr($action) ?>">
+<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo esc_attr(wp_nonce_url($action, 'import-upload')); ?>">
 <p>
-<?php wp_nonce_field('import-upload'); ?>
 <label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?>)
 <input type="file" id="upload" name="import" size="25" />