Changeset 14933


Timestamp:
05/26/10 04:55:21 (5 years ago)
Author:
nacin
Message:

Separate out multiple _ajax_nonce fields on post forms. Yay, validation. fixes #13383.

Location:
trunk/wp-admin
Files:
3 edited

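--- a/trunk/wp-admin/admin-ajax.php
+++ b/trunk/wp-admin/admin-ajax.php
@@ -219,5 +219,5 @@
     $action = $_POST['action'];
     $taxonomy = get_taxonomy(substr($action, 4));
-    check_ajax_referer( $action );
+    check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
     if ( !current_user_can( $taxonomy->cap->edit_terms ) )
         die('-1');
@@ -703,5 +703,5 @@
     break;
 case 'replyto-comment' :
-    check_ajax_referer( $action );
+    check_ajax_referer( $action, '_ajax_nonce-replyto-comment' );
 
     $comment_post_ID = (int) $_POST['comment_post_ID'];
@@ -772,5 +772,5 @@
     break;
 case 'edit-comment' :
-    check_ajax_referer( 'replyto-comment' );
+    check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' );
 
     $comment_post_ID = (int) $_POST['comment_post_ID'];
@@ -846,5 +846,5 @@
     break;
 case 'add-meta' :
-    check_ajax_referer( 'add-meta' );
+    check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' );
     $c = 0;
     $pid = (int) $_POST['post_id'];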
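Review bot: In the first hunk the new check_ajax_referer() call dereferences `$taxonomy->name` before anything confirms that get_taxonomy() actually resolved the name taken from `$_POST['action']`; if it returns false for an unregistered taxonomy, that presumably raises a property-on-false notice and sends an empty `_ajax_nonce-add-` query arg into the nonce check, which then rejects the request, so the failure is closed but noisy and the capability check on the next line has the same problem. I would guard it first with `if ( ! $taxonomy ) die('-1');` placed between the get_taxonomy() call and check_ajax_referer(). The changeset renames the posted field on both the form and handler sides but its diffstat holds only PHP, so whichever script submits these requests must now read the `_ajax_nonce-<action>` input instead of `_ajax_nonce`; confirm the JS was changed or these forms will fail the nonce check. Separately, the 'edit-comment' case still accepts the nonce minted for 'replyto-comment', so a token issued for replying also authorises an edit; that predates this change, but if it is intentional a comment such as `// intentionally shares the reply form's nonce` on the 'edit-comment' check would record it. The enclosing switch statement starts and ends outside the hunks shown.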
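--- a/trunk/wp-admin/includes/meta-boxes.php
+++ b/trunk/wp-admin/includes/meta-boxes.php
@@ -337,5 +337,5 @@
                     <?php wp_dropdown_categories( array( 'taxonomy' => $taxonomy, 'hide_empty' => 0, 'name' => 'new'.$taxonomy.'_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => '&mdash; ' . $tax->labels->parent_item . ' &mdash;', 'tab_index' => 3 ) ); ?>
                     <input type="button" id="<?php echo $taxonomy; ?>-add-submit" class="add:<?php echo $taxonomy ?>checklist:<?php echo $taxonomy ?>-add button category-add-sumbit" value="<?php echo esc_attr( $tax->labels->add_new_item ); ?>" tabindex="3" />
-                    <?php wp_nonce_field( 'add-'.$taxonomy, '_ajax_nonce', false ); ?>
+                    <?php wp_nonce_field( 'add-'.$taxonomy, '_ajax_nonce-add-'.$taxonomy, false ); ?>
                     <span id="<?php echo $taxonomy; ?>-ajax-response"></span>
                 </p>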
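Review bot: The new nonce field name embeds `$taxonomy` and only verifies if the ajax handler rebuilds exactly `'_ajax_nonce-add-' . $taxonomy->name` from the `add-<taxonomy>` action, a three-string coupling that nothing on this line documents; I would add `<?php // name must equal '_ajax_nonce-add-' . $taxonomy->name as rebuilt by the add-<taxonomy> handler in admin-ajax.php ?>` directly above it. The same `$taxonomy` value is echoed unescaped into the id and class attributes on the two lines above, which predates this change and is only safe while the value comes from a registered taxonomy name rather than request input; that is decided by the caller, outside the hunk. The enclosing function starts and ends outside the hunk shown.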
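--- a/trunk/wp-admin/includes/template.php
+++ b/trunk/wp-admin/includes/template.php
@@ -2287,5 +2287,5 @@
     <input type="hidden" name="checkbox" id="checkbox" value="<?php echo $checkbox ? 1 : 0; ?>" />
     <input type="hidden" name="mode" id="mode" value="<?php echo esc_attr($mode); ?>" />
-    <?php wp_nonce_field( 'replyto-comment', '_ajax_nonce', false ); ?>
+    <?php wp_nonce_field( 'replyto-comment', '_ajax_nonce-replyto-comment', false ); ?>
     <?php wp_comment_form_unfiltered_html_nonce(); ?>
 <?php if ( $table_row ) : ?>
@@ -2463,5 +2463,5 @@
 <tr><td colspan="2" class="submit">
 <input type="submit" id="addmetasub" name="addmeta" class="add:the-list:newmeta" tabindex="9" value="<?php esc_attr_e( 'Add Custom Field' ) ?>" />
-<?php wp_nonce_field( 'add-meta', '_ajax_nonce', false ); ?>
+<?php wp_nonce_field( 'add-meta', '_ajax_nonce-add-meta', false ); ?>
 </td></tr>
 </tbody>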
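Review bot: The field names in both hunks are now contract strings that must match the second argument of check_ajax_referer() in admin-ajax.php, and nothing at either call site says so, so the next rename on one side will silently break the nonce check on the other. I would add `<?php // name must match check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' ) in admin-ajax.php ?>` above the field at line 2289 and the equivalent `// name must match check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' )` comment above the one at line 2465. Note that the reply form's nonce is also the one the 'edit-comment' ajax action verifies, so any reader of this form should know the token it emits covers more than replying. Both functions that emit these fields start and end outside the hunks shown.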