WordPress.org

Make WordPress Core

Changeset 17121


Ignore:
Timestamp:
12/23/2010 03:56:32 PM (7 years ago)
Author:
ryan
Message:

Check bulk-themes nonce before bulk delete. fixes #15922

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/network/themes.php

    r17101 r17121  
    8686            $main_theme = get_current_theme();
    8787            $files_to_delete = $theme_info = array();
    88             foreach( $themes as $key => $theme ) {
     88            foreach ( $themes as $key => $theme ) {
    8989                $data = get_theme_data( WP_CONTENT_DIR . '/themes/' . $theme . '/style.css' );
    9090                if ( $data['Name'] == $main_theme ) {
     
    100100                exit;
    101101            }
    102            
     102
    103103            include(ABSPATH . 'wp-admin/update.php');
    104104
     
    149149                require_once(ABSPATH . 'wp-admin/admin-footer.php');
    150150                exit;
    151             } //Endif verify-delete
    152             foreach( $themes as $theme )
     151            } // Endif verify-delete
     152            check_admin_referer('bulk-themes');
     153            foreach ( $themes as $theme )
    153154                $delete_result = delete_theme( $theme );
    154155            wp_redirect( network_admin_url( 'themes.php?deleted=true' ) );
Note: See TracChangeset for help on using the changeset viewer.