Changeset 14933 for trunk/wp-admin/admin-ajax.php

Timestamp:

05/26/2010 04:55:21 AM (15 years ago)

Author:

nacin

Message:

Separate out multiple _ajax_nonce fields on post forms. Yay, validation. fixes #13383.

File:

• trunk/wp-admin/admin-ajax.php (modified) (4 diffs)

trunk/wp-admin/admin-ajax.php

@@ -219 +219 @@
     $action = $_POST['action'];
     $taxonomy = get_taxonomy(substr($action, 4));
-    check_ajax_referer( $action );
+    check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
     if ( !current_user_can( $taxonomy->cap->edit_terms ) )
         die('-1');
@@ -703 +703 @@
     break;
 case 'replyto-comment' :
-    check_ajax_referer( $action );
+    check_ajax_referer( $action, '_ajax_nonce-replyto-comment' );
 
     $comment_post_ID = (int) $_POST['comment_post_ID'];
@@ -772 +772 @@
     break;
 case 'edit-comment' :
-    check_ajax_referer( 'replyto-comment' );
+    check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' );
 
     $comment_post_ID = (int) $_POST['comment_post_ID'];
@@ -846 +846 @@
     break;
 case 'add-meta' :
-    check_ajax_referer( 'add-meta' );
+    check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' );
     $c = 0;
     $pid = (int) $_POST['post_id'];